pith. sign in

arxiv: 2606.23696 · v1 · pith:L2FTYHWQnew · submitted 2026-04-30 · 💻 cs.SE

Privacy Engineering: A Systematic Literature Review

Pith reviewed 2026-07-01 08:05 UTC · model grok-4.3

classification 💻 cs.SE
keywords privacy engineeringsystematic literature reviewthematic synthesisGDPRprivacy enhancing technologiesgovernance and accountabilitysoftware development lifecycledata protection
0
0 comments X

The pith

Privacy engineering literature forms two cores—one on technologies and metrics, one on governance and accountability—mediated by modeling and specification.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper synthesizes 90 studies from 2018 to 2025 through systematic review and thematic synthesis to chart the structure of privacy engineering. It identifies thirteen dimensions that group into two recurrent cores, with one core covering privacy enhancing technologies, privacy metrics, and verification and testing, and the other covering governance and accountability, transparency and communication, and organizational measures. Modeling and specification mediates between the cores, while lifecycle mapping reveals concentrations at requirements and design, implementation and verification, and operation and decommissioning. Domain applications shift emphasis without altering the structure, and some areas like incident response receive less focus. A sympathetic reader would care because the map organizes how software meets privacy obligations such as those under GDPR and highlights practical concentrations and gaps.

Core claim

The thematic synthesis of the 90 studies reveals that privacy engineering dimensions form two recurrent cores. The first core consists of Privacy Enhancing Technologies with Privacy Metrics and Verification and Testing. The second core consists of Governance and Accountability with Transparency and Communication and Organizational Measures. Modeling and Specification mediates between the cores. Lifecycle mapping shows concentrations at requirements and design for modeling and governance dimensions, at implementation and verification for the technology core dimensions, and at operation and decommissioning for governance, organizational measures, and management dimensions such as data subject

What carries the argument

Thematic synthesis identifying two recurrent cores of thirteen dimensions with Modeling and Specification as the mediator between them.

If this is right

  • Handoffs link models to rules and tests, mechanisms to metrics, and deployments such as enclaves and ledgers to governance records.
  • Healthcare applications weight governance with verification and technologies, IoT and edge weight technologies with verification and metrics, web measurement weights transparency with verification, and AI and ML weight technologies with metrics.
  • Incident response and management, lifelong management, and data minimization and purpose limitation are less often primary foci.
  • The results supply a practical map and replication-ready scaffold for assessment and updates.
  • The structure remains stable across domains even as emphasis shifts.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The mediation role of modeling suggests that specification tools supporting both cores could reduce integration friction in privacy engineering projects.
  • Practitioners might apply the lifecycle concentrations to prioritize resources, such as allocating more verification effort in implementation phases.
  • Future work could test whether emerging privacy techniques in areas like federated learning introduce new dimensions or fit within the existing cores.
  • The scaffold could support comparative studies tracking how privacy engineering evolves in response to new regulations.

Load-bearing premise

The 90 studies selected via the systematic search and inclusion criteria are representative of the privacy engineering literature from 2018 to 2025, and the thematic synthesis accurately reflects recurrent structures without major interpretive bias.

What would settle it

A new systematic review using comparable methods but different search terms or time bounds that produces a different number of cores or substantially different lifecycle concentrations would falsify the central claim.

Figures

Figures reproduced from arXiv: 2606.23696 by Damian Andrew Tamburri, Nemania Borovits, Willem-Jan van den Heuvel.

Figure 1
Figure 1. Figure 1: Overview of the SLR process following the guidelines by Kitchenham et al [ [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Overview of the papers selection process. [PITH_FULL_IMAGE:figures/full_fig_p005_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Publication trend of accepted studies for per year and by source. [PITH_FULL_IMAGE:figures/full_fig_p007_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Thematic map instantiation of privacy engineering derived from the selected dataset as introduced by Cruzes & Dybå [PITH_FULL_IMAGE:figures/full_fig_p008_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Counts per privacy engineering dimension across all studies, aggregating every occurrence of a dimension appearing as either [PITH_FULL_IMAGE:figures/full_fig_p009_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Overview of the insights for the PETs dimension. [PITH_FULL_IMAGE:figures/full_fig_p010_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Overview of the insights for the Verification & Testing dimension. [PITH_FULL_IMAGE:figures/full_fig_p010_7.png] view at source ↗
Figure 8
Figure 8. Figure 8: Overview of the insights for the Transparency & Communication dimension. [PITH_FULL_IMAGE:figures/full_fig_p012_8.png] view at source ↗
Figure 9
Figure 9. Figure 9: Overview of the insights for the Governance & Accountability dimension. [PITH_FULL_IMAGE:figures/full_fig_p013_9.png] view at source ↗
Figure 10
Figure 10. Figure 10: Overview of the insights for the Data Subject Rights Management dimension. [PITH_FULL_IMAGE:figures/full_fig_p014_10.png] view at source ↗
Figure 11
Figure 11. Figure 11: Overview of the insights for the Modeling & Specification dimension. [PITH_FULL_IMAGE:figures/full_fig_p016_11.png] view at source ↗
Figure 12
Figure 12. Figure 12: Overview of the insights for the Data Minimization & Purpose Limitation dimension. [PITH_FULL_IMAGE:figures/full_fig_p018_12.png] view at source ↗
Figure 13
Figure 13. Figure 13: Overview of the insights for the Organizational Measures dimension. [PITH_FULL_IMAGE:figures/full_fig_p019_13.png] view at source ↗
Figure 14
Figure 14. Figure 14: Overview of the insights for the Privacy Metrics dimension. [PITH_FULL_IMAGE:figures/full_fig_p021_14.png] view at source ↗
Figure 15
Figure 15. Figure 15: Overview of the insights for the Culture & Training dimension. [PITH_FULL_IMAGE:figures/full_fig_p022_15.png] view at source ↗
Figure 16
Figure 16. Figure 16: Overview of the insights for the User-Centric dimension. [PITH_FULL_IMAGE:figures/full_fig_p023_16.png] view at source ↗
Figure 17
Figure 17. Figure 17: Overview of the insights for the Lifelong Management dimension. [PITH_FULL_IMAGE:figures/full_fig_p024_17.png] view at source ↗
Figure 18
Figure 18. Figure 18: Overview of the insights for the Incident Response & Management dimension. [PITH_FULL_IMAGE:figures/full_fig_p026_18.png] view at source ↗
Figure 19
Figure 19. Figure 19: Co-occurrence matrix of privacy-engineering dimensions across the included studies. Y-axis show the primary assignment [PITH_FULL_IMAGE:figures/full_fig_p027_19.png] view at source ↗
Figure 20
Figure 20. Figure 20: Group-level directional co-occurrence of dimensions. Mechanisms and Evaluation and Governance and Operations form two [PITH_FULL_IMAGE:figures/full_fig_p028_20.png] view at source ↗
Figure 21
Figure 21. Figure 21: Lifecycle placement of dimensions across two frames. The upper panel shows where dimensions concentrate along the software [PITH_FULL_IMAGE:figures/full_fig_p030_21.png] view at source ↗
Figure 22
Figure 22. Figure 22: Stacked counts of dimension occurrences per application domain. Bars show AI/ML, Healthcare and IoT/Edge; segments [PITH_FULL_IMAGE:figures/full_fig_p032_22.png] view at source ↗
Figure 23
Figure 23. Figure 23: Top co-occurring dimension pairs by domain (undirected sums). Bars show the three largest pair totals for Healthcare, [PITH_FULL_IMAGE:figures/full_fig_p032_23.png] view at source ↗
read the original abstract

Privacy obligations under GDPR increasingly shape software engineering. We synthesize 90 studies from 2018 to 2025 using a systematic review with thematic synthesis to chart privacy engineering. Thirteen dimensions form two recurrent cores: Privacy Enhancing Technologies (PETs) with Privacy Metrics (PM) and Verification and Testing (VT) and Governance and Accountability (GA) with Transparency and Communication (TC) and Organizational Measures (OM). Modeling and Specification (MS) mediates between the cores. Lifecycle mapping shows concentrations at requirements and design (MS, GA), at implementation and verification (PETs, VT, PM, TC) and at operation and decommissioning (GA, OM, Data Subject Rights Management (DSRM), Incident Response and Management (IRM), Lifelong Management (LM)). Handoffs link models to rules and tests, mechanisms to metrics and deployments such as enclaves and ledgers to governance records. Domains reweight but do not alter structure: healthcare weights GA with VT and PETs, IoT and edge weight PETs with VT and PM at device and edge, web measurement weights TC with VT, AI and ML weight PETs with PM. IRM, LM and Data Minimization and Purpose Limitation (DMPL) are less often primary foci, signaling priorities for future work. The results provide a practical map and a replication-ready scaffold for assessment and updates.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 0 minor

Summary. The manuscript conducts a systematic literature review of privacy engineering, synthesizing 90 studies published 2018–2025 via thematic synthesis. It identifies thirteen dimensions that form two recurrent cores (PETs–PM–VT and GA–TC–OM) mediated by MS, maps concentrations across the software lifecycle, notes handoffs and domain reweightings, and flags under-researched areas (IRM, LM, DMPL) as priorities for future work.

Significance. A methodologically sound synthesis would supply a practical, replication-ready map of the field that links technical and organizational dimensions, highlights lifecycle handoffs, and identifies research gaps, thereby supporting assessment, prioritization, and updates in privacy engineering.

major comments (2)
  1. [Abstract] Abstract: the description of the review process states only that a 'systematic review with thematic synthesis' was used to select and analyze the 90 studies; no search strategy, databases, inclusion/exclusion criteria, or inter-rater reliability measures are supplied. Because the central claims (two cores, MS mediator, lifecycle concentrations, domain reweightings) are direct outputs of that selection and coding process, the absence of these details leaves the representativeness of the sample and the fidelity of the thematic synthesis unverifiable.
  2. Thematic synthesis section (inferred from abstract and reader's weakest assumption): the derivation of the thirteen dimensions, their grouping into two cores, and the identification of MS as mediator are presented without documentation of the coding scheme, theme emergence process, or any validation steps. This directly affects the load-bearing claim that the observed structure reflects recurrent patterns in the 2018–2025 literature rather than interpretive choices or sampling artifacts.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the detailed and constructive feedback. The comments correctly identify that the current manuscript provides insufficient methodological transparency, which is essential for a systematic review. We will revise the paper to address these points directly.

read point-by-point responses
  1. Referee: [Abstract] Abstract: the description of the review process states only that a 'systematic review with thematic synthesis' was used to select and analyze the 90 studies; no search strategy, databases, inclusion/exclusion criteria, or inter-rater reliability measures are supplied. Because the central claims (two cores, MS mediator, lifecycle concentrations, domain reweightings) are direct outputs of that selection and coding process, the absence of these details leaves the representativeness of the sample and the fidelity of the thematic synthesis unverifiable.

    Authors: We agree that the abstract (and the high-level description in the manuscript) does not supply these details. This is a valid observation that affects verifiability. In the revision we will add a dedicated Methods section (or expand the existing one) that explicitly reports the search strategy, databases searched, search strings, inclusion/exclusion criteria, screening process, number of studies at each stage, and inter-rater reliability measures. These additions will allow readers to assess the sample and the synthesis process. revision: yes

  2. Referee: [—] Thematic synthesis section (inferred from abstract and reader's weakest assumption): the derivation of the thirteen dimensions, their grouping into two cores, and the identification of MS as mediator are presented without documentation of the coding scheme, theme emergence process, or any validation steps. This directly affects the load-bearing claim that the observed structure reflects recurrent patterns in the 2018–2025 literature rather than interpretive choices or sampling artifacts.

    Authors: We concur that the manuscript currently lacks explicit documentation of the thematic synthesis procedure. To strengthen the claim that the two cores and MS mediator reflect recurrent patterns rather than ad-hoc interpretation, the revision will include a clear description of the coding scheme, the inductive process by which themes and groupings emerged, the number of coders involved, and any validation steps performed. This will make the derivation traceable to the 90 studies. revision: yes

Circularity Check

0 steps flagged

No circularity: literature review aggregates external studies without self-referential derivation

full rationale

This is a systematic literature review that selects 90 external studies via documented search and inclusion criteria, then applies thematic synthesis to identify recurrent dimensions and cores. The central map (two cores with MS as mediator, lifecycle concentrations, domain reweightings) is an output of coding the cited literature rather than any internal equation, fitted parameter, or self-citation chain that reduces the result to the paper's own inputs by construction. No self-definitional steps, fitted-input predictions, or uniqueness theorems appear; the synthesis is externally grounded in the sampled papers. Representativeness is a validity concern, not a circularity one.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The review depends on standard assumptions of literature search completeness and unbiased thematic coding rather than introducing new parameters or entities.

axioms (1)
  • domain assumption The 90 selected studies are representative of privacy engineering research from 2018-2025.
    The synthesis and map rest on the assumption that the search and inclusion process captured the relevant literature without systematic omission.

pith-pipeline@v0.9.1-grok · 5772 in / 1224 out tokens · 27701 ms · 2026-07-01T08:05:46.026127+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

137 extracted references · 86 canonical work pages

  1. [1]

    Guest Editorial: Special Issue on Security and Privacy of Distributed Algorithms and Network Systems.IEEE Trans

    2020. Guest Editorial: Special Issue on Security and Privacy of Distributed Algorithms and Network Systems.IEEE Trans. Automat. Control65, 9 (Sept. 2020), 3725–3727. doi:10.1109/TAC.2020.3004329

  2. [2]

    Zou, and David Mohaisen

    Ahod Alghuried, Mohammed Alkinoon, Manar Mohaisen, An Wang, Cliff C. Zou, and David Mohaisen. 2025. Blockchain Security and Privacy: Threats, Challenges, Applications, and Tools.Distributed Ledger Technologies: Research and Practice(Feb. 2025), 3716323. doi:10.1145/3716323

  3. [3]

    Nada Alhirabi, Omer Rana, and Charith Perera. 2021. Security and Privacy Requirements for the Internet of Things: A Survey.ACM Transactions on Internet of Things2, 1 (Feb. 2021), 1–37. doi:10.1145/3437537

  4. [4]

    Waqar Ali, Xiangmin Zhou, and Jie Shao. 2025. Privacy-preserved and Responsible Recommenders: From Conventional Defense to Federated Learning and Blockchain.Comput. Surveys57, 5 (May 2025), 1–35. doi:10.1145/3708982

  5. [5]

    Lamya Alkhariji, Nada Alhirabi, Mansour Naser Alraja, Mahmoud Barhamgi, Omer Rana, and Charith Perera. 2021. Synthesising Privacy by Design Knowledge Toward Explainable Internet of Things Application Designing in Healthcare.ACM Transactions on Multimedia Computing, Communications, and Applications17, 2s (June 2021), 1–29. doi:10.1145/3434186

  6. [6]

    Al-Bayatti

    Mishri AlMarshoud, Mehmet Sabir Kiraz, and Ali H. Al-Bayatti. 2024. Security, Privacy, and Decentralized Trust Management in VANETs: A Review of Current Research and Future Directions.Comput. Surveys56, 10 (Oct. 2024), 1–39. doi:10.1145/3656166

  7. [7]

    Majed Alshammari and Andrew Simpson. 2018. Privacy Architectural Strategies: An Approach for Achieving Various Levels of Privacy Protection. InProceedings of the 2018 Workshop on Privacy in the Electronic Society. ACM, Toronto Canada, 143–154. doi:10.1145/3267323.3268957

  8. [8]

    Vinícius Camargo Andrade, Rhodrigo Deda Gomes, Sheila Reinehr, Cinthia Obladen De Almendra Freitas, and Andreia Malucelli. 2022. Privacy by Design and Software Engineering: a Systematic Literature Review. InProceedings of the XXI Brazilian Symposium on Software Quality. ACM, Curitiba Brazil, 1–10. doi:10.1145/3571473.3571480

  9. [9]

    Mahmoud Barhamgi, Charith Perera, Chirine Ghedira, and Djamal Benslimane. 2018. User-centric Privacy Engineering for the Internet of Things. IEEE Cloud Computing5, 5 (Sept. 2018), 47–57. doi:10.1109/MCC.2018.053711666

  10. [10]

    Saira Beg, Saif Ur Rehman Khan, and Adeel Anjum. 2022. Data usage-based privacy and security issues in mobile app recommendation (MAR): a systematic literature review.Library Hi Tech40, 3 (May 2022), 725–749. doi:10.1108/LHT-04-2021-0147

  11. [11]

    Fatima Zohra Benhamida, Joan Navarro, Oihane Gómez-Carmona, Diego Casado-Mansilla, Diego López-de Ipiña, and Agustín Zaballos. 2021. PyFF: A Fog-Based Flexible Architecture for Enabling Privacy-by-Design IoT-Based Communal Smart Environments.Sensors21, 11 (May 2021),

  12. [12]

    doi:10.3390/s21113640

  13. [13]

    2022.Exploring Privacy as a Competitive Advantage

    Arjun Bhatnagar. 2022.Exploring Privacy as a Competitive Advantage. Forbes. https://www.forbes.com/councils/forbestechcouncil/2022/09/23/ exploring-privacy-as-a-competitive-advantage/

  14. [14]

    Saad M Bindawas, Vishal Vennu, Maha Almarwani, and Walid Alkeridy. 2025. Distribution and determinants of the utilization of senior residential care homes in Saudi Arabia: a cross-sectional study.Frontiers in Public Health12 (2025), 1446360

  15. [15]

    Caiza, Yod-Samuel Martin, Danny S

    Julio C. Caiza, Yod-Samuel Martin, Danny S. Guaman, Jose M. Del Alamo, and Juan C. Yelmo. 2019. Reusable Elements for the Systematic Design of Privacy-Friendly Information Systems: A Mapping Study.IEEE Access7 (2019), 66512–66535. doi:10.1109/ACCESS.2019.2918003

  16. [16]

    Andrea Carboni, Dario Russo, Davide Moroni, and Paolo Barsocchi. 2023. Privacy by design in systems for assisted living, personalised care, and wellbeing: A stakeholder analysis.Frontiers in Digital Health4 (Feb. 2023), 934609. doi:10.3389/fdgth.2022.934609

  17. [17]

    Laura Carmichael, Wendy Hall, and Michael Boniface. 2024. Personal data store ecosystems in health and social care.Frontiers in Public Health12 (Feb. 2024), 1348044. doi:10.3389/fpubh.2024.1348044

  18. [18]

    Orlando Amaral Cejas, Sallam Abualhaija, and Lionel C Briand. 2024. Compai: A tool for gdpr completeness checking of privacy policies using artificial intelligence. InProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering. 2366–2369

  19. [19]

    Huiming Chen, Huandong Wang, Qingyue Long, Depeng Jin, and Yong Li. 2025. Advancements in Federated Learning: Models, Methods, and Privacy.Comput. Surveys57, 2 (Feb. 2025), 1–39. doi:10.1145/3664650 Manuscript submitted to ACM 42 Borovits et al

  20. [20]

    Ramanathan, and Mamoun Alazab

    Jie Chen, L. Ramanathan, and Mamoun Alazab. 2021. Holistic big data integrated artificial intelligent modeling to improve privacy and security in data management of smart cities.Microprocessors and Microsystems81 (March 2021), 103722. doi:10.1016/j.micpro.2020.103722

  21. [21]

    Daniela S Cruzes and Tore Dyba. 2011. Recommended steps for thematic synthesis in software engineering. In2011 international symposium on empirical software engineering and measurement. IEEE, 275–284

  22. [22]

    Skarmeta

    Said Daoudagh, Eda Marchetti, Vincenzo Savarino, Jorge Bernal Bernabe, Jesús García-Rodríguez, Rafael Torres Moreno, Juan Antonio Martinez, and Antonio F. Skarmeta. 2021. Data Protection by Design in the Context of Smart Cities: A Consent and Access Control Proposal.Sensors21, 21 (Oct. 2021), 7154. doi:10.3390/s21217154

  23. [23]

    Shirlei Aparecida De Chaves and Fabiane Barreto Vavassori Benitti. 2023. Privacy by Design in Software Engineering: An update of a Systematic Mapping Study. InProceedings of the 38th ACM/SIGAPP Symposium on Applied Computing. ACM, Tallinn Estonia, 1362–1369. doi:10.1145/3555776. 3577626

  24. [24]

    Shirlei Aparecida De Chaves and Fabiane Benitti. 2025. User-Centred Privacy and Data Protection: An Overview of Current Research Trends and Challenges for the Human–Computer Interaction Field.Comput. Surveys57, 7 (July 2025), 1–36. doi:10.1145/3715903

  25. [25]

    Lea Demelius, Roman Kern, and Andreas Trügler. 2025. Recent advances of differential privacy in centralized deep learning: A systematic survey. Comput. Surveys57, 6 (2025), 1–28

  26. [26]

    Natalia Díaz-Rodríguez, Javier Del Ser, Mark Coeckelbergh, Marcos López De Prado, Enrique Herrera-Viedma, and Francisco Herrera. 2023. Connecting the dots in trustworthy Artificial Intelligence: From AI principles, ethics, and key requirements to responsible AI systems and regulation.Information Fusion99 (2023), 101896

  27. [27]

    Lingyu Du, Jinyuan Jia, Xucong Zhang, and Guohao Lan. 2024. PrivateGaze: Preserving User Privacy in Black-box Mobile Gaze Tracking Services. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies8, 3 (Aug. 2024), 1–28. doi:10.1145/3678595

  28. [28]

    Farah Elkourdi, Chenhao Wei, Lu Xiao, Zhongyuan Yu, and Onur Asan. 2024. Exploring Current Practices and Challenges of HIPAA Compliance in Software Engineering: Scoping Review.IEEE Open Journal of Systems Engineering2 (2024), 94–104. doi:10.1109/OJSE.2024.3392691

  29. [29]

    Tatiana Ermakova, Benjamin Fabian, Marta Kornacka, Scott Thiebes, and Ali Sunyaev. 2020. Security and Privacy Requirements for Cloud Computing in Healthcare: Elicitation and Prioritization from a Patient Perspective.ACM Transactions on Management Information Systems11, 2 (June 2020), 1–29. doi:10.1145/3386160

  30. [30]

    Ming Fan, Le Yu, Sen Chen, Hao Zhou, Xiapu Luo, Shuyue Li, Yang Liu, Jun Liu, and Ting Liu. 2020. An empirical evaluation of GDPR compliance violations in Android mHealth apps. In2020 IEEE 31st international symposium on software reliability engineering (ISSRE). IEEE, 253–264

  31. [31]

    Michael Gebauer, Faraz Maschhur, Nicola Leschke, Elias Grünewald, and Frank Pallas. 2023. A ‘Human-in-the-Loop’ approach for Information Extraction from Privacy Policies under Data Scarcity. In2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, Delft, Netherlands, 76–83. doi:10.1109/EuroSPW59978.2023.00014

  32. [32]

    Mohamad Gharib, Paolo Giorgini, and John Mylopoulos. 2020. An ontology for privacy requirements via a systematic literature review.Journal on Data Semantics9, 4 (2020), 123–149

  33. [33]

    Mohamad Gharib, Paolo Giorgini, and John Mylopoulos. 2021. COPri v. 2—A core ontology for privacy requirements.Data & Knowledge Engineering 133 (2021), 101888

  34. [34]

    Giammaria Giordano, Fabio Palomba, and Filomena Ferrucci. 2022. On the use of artificial intelligence to deal with privacy in IoT systems: A systematic literature review.Journal of Systems and Software193 (Nov. 2022), 111475. doi:10.1016/j.jss.2022.111475

  35. [35]

    Reinhard Grabler and Sabine Theresia Koeszegi. 2025. Privacy beyond Data: Assessment and Mitigation of Privacy Risks in Robotic Technology for Elderly Care.ACM Transactions on Human-Robot Interaction14, 1 (March 2025), 1–23. doi:10.1145/3689216

  36. [36]

    Seda Gürses and Jose M Del Alamo. 2016. Privacy engineering: Shaping an emerging field of research and practice.IEEE Security & Privacy14, 2 (2016), 40–46

  37. [37]

    Mohammad Hammoudeh, Gregory Epiphaniou, Sana Belguith, Devrim Unal, Bamidele Adebisi, Thar Baker, A. S. M. Kayes, and Paul Watters

  38. [38]

    doi:10.1109/JSEN.2020.2981558

    A Service-Oriented Approach for Sensing in the Internet of Things: Intelligent Transportation Systems and Privacy Use Cases.IEEE Sensors Journal21, 14 (July 2021), 15753–15761. doi:10.1109/JSEN.2020.2981558

  39. [39]

    Ekaputra, Gerald Quirchmayr, and A

    Guntur Budi Herwanto, Fajar J. Ekaputra, Gerald Quirchmayr, and A. Min Tjoa. 2024. Toward a Holistic Privacy Requirements Engineering Process: Insights From a Systematic Literature Review.IEEE Access12 (2024), 47518–47542. doi:10.1109/ACCESS.2024.3380888

  40. [40]

    Min Tjoa

    Guntur Budi Herwanto, Gerald Quirchmayr, and A. Min Tjoa. 2024. Leveraging NLP Techniques for Privacy Requirements Engineering in User Stories.IEEE Access12 (2024), 22167–22189. doi:10.1109/ACCESS.2024.3364533

  41. [41]

    Alida Hills, Adéle Da Veiga, Mariaan Loock, and Karen Renaud. 2024. A holistic list of privacy-preserving measures for system development life cycles. InInternational Conference on Advanced Research in Technologies, Information, Innovation and Sustainability. Springer, 283–300

  42. [42]

    Tore Hoel and Weiqin Chen. 2019. Privacy engineering for learning analytics in a global market: Defining a point of reference.The International Journal of Information and Learning Technology36, 4 (2019), 288–298

  43. [43]

    watching-eye

    Yaou Hu and Hyounae (Kelly) Min. 2023. The dark side of artificial intelligence in service: The “watching-eye” effect and privacy concerns. International Journal of Hospitality Management110 (April 2023), 103437. doi:10.1016/j.ijhm.2023.103437

  44. [44]

    2023.Leveraging Data Privacy as a Competitive Advantage

    Emmanuel Iserameiya. 2023.Leveraging Data Privacy as a Competitive Advantage. LinkedIn. https://www.linkedin.com/pulse/leveraging-data- privacy-competitive-advantage-ax8je/

  45. [45]

    Shareeful Islam, Moussa Ouedraogo, Christos Kalloniatis, Haralambos Mouratidis, and Stefanos Gritzalis. 2018. Assurance of Security and Privacy Requirements for Cloud Deployment Models.IEEE Transactions on Cloud Computing6, 2 (April 2018), 387–400. doi:10.1109/TCC.2015.2511719 Manuscript submitted to ACM Privacy Engineering: A Systematic Literature Review 43

  46. [46]

    Wael Issa, Nour Moustafa, Benjamin Turnbull, Nasrin Sohrabi, and Zahir Tari. 2023. Blockchain-Based Federated Learning for Securing Internet of Things: A Comprehensive Survey.Comput. Surveys55, 9 (Sept. 2023), 1–43. doi:10.1145/3560816

  47. [47]

    Ali Babar

    Leonardo Horn Iwaya, Aakash Ahmad, and M. Ali Babar. 2020. Security and Privacy for mHealth and uHealth Systems: A Systematic Mapping Study.IEEE Access8 (2020), 150081–150112. doi:10.1109/ACCESS.2020.3015962

  48. [48]

    Leonardo Horn Iwaya, Ala Sarah Alaqra, Marit Hansen, and Simone Fischer-Hübner. 2024. Privacy impact assessments in the wild: A scoping review.Array23 (Sept. 2024), 100356. doi:10.1016/j.array.2024.100356

  49. [49]

    Leonardo Horn Iwaya, Muhammad Ali Babar, and Awais Rashid. 2023. Privacy Engineering in the Wild: Understanding the Practitioners’ Mindset, Organizational Aspects, and Current Practices.IEEE Transactions on Software Engineering49, 9 (Sept. 2023), 4324–4348. doi:10.1109/TSE.2023.3290237

  50. [50]

    Ali Babar, Awais Rashid, and Chamila Wijayarathna

    Leonardo Horn Iwaya, M. Ali Babar, Awais Rashid, and Chamila Wijayarathna. 2023. On the privacy of mental health apps: An empirical investigation and its implications for app development.Empirical Software Engineering28, 1 (Jan. 2023), 2. doi:10.1007/s10664-022-10236-0

  51. [51]

    Leonardo Horn Iwaya, Gabriel Horn Iwaya, Simone Fischer-Hubner, and Andrea Valeria Steil. 2022. Organisational Privacy Culture and Climate: A Scoping Review.IEEE Access10 (2022), 73907–73930. doi:10.1109/ACCESS.2022.3190373

  52. [52]

    Christian Jandl, Markus Wagner, Thomas Moser, and Sebastian Schlund. 2021. Reasons and Strategies for Privacy Features in Tracking and Tracing Systems—A Systematic Literature Review.Sensors21, 13 (June 2021), 4501. doi:10.3390/s21134501

  53. [53]

    Yousra Javed and Ayesha Sajid. 2024. A systematic review of privacy policy literature.Comput. Surveys57, 2 (2024), 1–43

  54. [54]

    Nikhil Jha, Martino Trevisan, Luca Vassio, and Marco Mellia. 2022. The Internet with Privacy Policies: Measuring The Web Upon Consent.ACM Transactions on the Web16, 3 (Aug. 2022), 1–24. doi:10.1145/3555352

  55. [55]

    2023.Data Collection Management: A Professional Perspective on Data Privacy

    Kristin Johnston. 2023.Data Collection Management: A Professional Perspective on Data Privacy. Bloomberg Law. https://www.bloomberglaw.com/ external/document/XB3VGCMG000000/data-collection-management-professional-perspective-data-privacy

  56. [56]

    Kerina H Jones, David Vincent Ford, Simon Thompson, and Ronan Lyons. 2020. A Profile of the SAIL Databank on the UK Secure Research Platform.International Journal of Population Data Science4, 2 (Oct. 2020). doi:10.23889/ijpds.v4i2.1134

  57. [57]

    Sara Jordan, Clara Fontaine, and Rachele Hendricks-Sturrup. 2022. Selecting Privacy-Enhancing Technologies for Managing Health Data Use. Frontiers in Public Health10 (March 2022), 814163. doi:10.3389/fpubh.2022.814163

  58. [58]

    2023.Data Privacy Isn’t a Compliance Checkbox, But a Competitive Advantage

    Rashmi Kaushik. 2023.Data Privacy Isn’t a Compliance Checkbox, But a Competitive Advantage. IBM. https://www.ibm.com/blog/data-privacy- isnt-a-compliance-checkbox-but-a-competitive-advantage/

  59. [59]

    Muhammad Irfan Khalid, Mansoor Ahmed, and Jungsuk Kim. 2023. Enhancing Data Protection in Dynamic Consent Management Systems: Formalizing Privacy and Security Definitions with Differential Privacy, Decentralization, and Zero-Knowledge Proofs.Sensors23, 17 (Sept. 2023),

  60. [60]

    doi:10.3390/s23177604

  61. [61]

    Barbara Kitchenham et al. 2004. Procedures for performing systematic reviews.Keele, UK, Keele University33, 2004 (2004), 1–26

  62. [62]

    2015.Evidence-based software engineering and systematic reviews

    Barbara Ann Kitchenham, David Budgen, and Pearl Brereton. 2015.Evidence-based software engineering and systematic reviews. CRC press

  63. [63]

    Oleksandr Kosenkov, Parisa Elahidoost, Tony Gorschek, Jannik Fischbach, Daniel Mendez, Michael Unterkalmsteiner, Davide Fucci, and Rahul Mohanani. 2025. Systematic mapping study on requirements engineering for regulatory compliance of software systems.Information and Software Technology178 (2025), 107622

  64. [64]

    Alexia Dini Kounoudes and Georgia M Kapitsaki. 2020. A mapping of IoT user-centric privacy preserving approaches to the GDPR.Internet of Things11 (2020), 100179

  65. [65]

    Immanuel Kunz and Shuqian Xu. 2023. Privacy as an architectural quality: A definition and an architectural view. In2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 125–132

  66. [66]

    J Richard Landis and Gary G Koch. 1977. The measurement of observer agreement for categorical data.biometrics(1977), 159–174

  67. [67]

    Ruixuan Li, Xiaofeng Jia, Zhenyong Zhang, Jun Shao, Rongxing Lu, Jingqiang Lin, Xiaoqi Jia, and Guiyi Wei. 2023. A Longitudinal and Comprehensive Measurement of DNS Strict Privacy.IEEE/ACM Transactions on Networking31, 6 (Dec. 2023), 2793–2808. doi:10.1109/TNET.2023.3262651

  68. [68]

    Wei Liang, Yaqin Liu, Ce Yang, Songyou Xie, Kuanching Li, and Willy Susilo. 2024. On Identity, Transaction, and Smart Contract Privacy on Permissioned and Permissionless Blockchain: A Comprehensive Survey.Comput. Surveys56, 12 (Dec. 2024), 1–35. doi:10.1145/3676164

  69. [69]

    Jonathan W. Z. Lim and Vrizlynn L. L. Thing. 2023. Toward a Universal and Sustainable Privacy Protection Framework.Digital Government: Research and Practice4, 4 (Dec. 2023), 1–13. doi:10.1145/3609801

  70. [70]

    Linbin Liu, June Li, Jianming Lv, Juan Wang, Siyu Zhao, and Qiuyu Lu. 2024. Privacy-Preserving and Secure Industrial Big Data Analytics: A Survey and the Research Framework.IEEE Internet of Things Journal11, 11 (June 2024), 18976–18999. doi:10.1109/JIOT.2024.3353727

  71. [71]

    Vasilakos

    Ximeng Liu, Lehui Xie, Yaopeng Wang, Jian Zou, Jinbo Xiong, Zuobin Ying, and Athanasios V. Vasilakos. 2021. Privacy and Security Issues in Deep Learning: A Survey.IEEE Access9 (2021), 4566–4593. doi:10.1109/ACCESS.2020.3045078

  72. [72]

    Sin Kit Lo, Qinghua Lu, Chen Wang, Hye-Young Paik, and Liming Zhu. 2022. A Systematic Literature Review on Federated Machine Learning: From a Software Engineering Perspective.Comput. Surveys54, 5 (June 2022), 1–39. doi:10.1145/3450288

  73. [73]

    Tom Lodge and Andy Crabtree. 2019. Privacy Engineering for Domestic IoT: Enabling Due Diligence.Sensors19, 20 (Oct. 2019), 4380. doi:10.3390/ s19204380

  74. [74]

    Chiara Marcolla, Victor Sucasas, Marc Manzano, Riccardo Bassoli, Frank H. P. Fitzek, and Najwa Aaraj. 2022. Survey on Fully Homomorphic Encryption, Theory, and Applications.Proc. IEEE110, 10 (Oct. 2022), 1572–1609. doi:10.1109/JPROC.2022.3205665

  75. [75]

    Silvia Mastrolembo Ventura, Paolo Bellagente, Stefano Rinaldi, Alessandra Flammini, and Angelo L. C. Ciribini. 2023. Enhancing Safety on Construction Sites: A UWB-Based Proximity Warning System Ensuring GDPR Compliance to Prevent Collision Hazards.Sensors23, 24 (Dec. 2023), Manuscript submitted to ACM 44 Borovits et al

  76. [76]

    doi:10.3390/s23249770

  77. [77]

    Anthony Mazeli. 2022. A Framework to Support Software Developers in Implementing Privacy Features. In2022 IEEE/ACM 44th Interna- tional Conference on Software Engineering: Companion Proceedings (ICSE-Companion). IEEE, Pittsburgh, PA, USA, 245–247. doi:10.1109/ICSE- Companion55297.2022.9793756

  78. [78]

    Miti Mazmudar, Thomas Humphries, Jiaxiang Liu, Matthew Rafuse, and Xi He. 2022. Cache Me If You Can: Accuracy-Aware Inference Engine for Differentially Private Data Exploration.Proceedings of the VLDB Endowment16, 4 (Dec. 2022), 574–586. doi:10.14778/3574245.3574246

  79. [79]

    Pietro Melzi, Christian Rathgeb, Ruben Tolosana, Ruben Vera-Rodriguez, and Christoph Busch. 2024. An Overview of Privacy-Enhancing Technologies in Biometric Recognition.Comput. Surveys56, 12 (Dec. 2024), 1–28. doi:10.1145/3664596

  80. [80]

    Kanghua Mo, Peigen Ye, Xiaojun Ren, Shaowei Wang, Wenjun Li, and Jin Li. 2024. Security and Privacy Issues in Deep Reinforcement Learning: Threats and Countermeasures.Comput. Surveys56, 6 (June 2024), 1–39. doi:10.1145/3640312

Showing first 80 references.