Supporting the Integration of Privacy-Enhancing Technologies into the Software Development Life Cycle

Privacy-Enhancing Technologies (PETs) have been receiving rising attention in the academic sphere. In practice, however, the adoption of such technologies remains low. Beyond the implementation of a PET, it is not clear where along the process of software engineering PETs should be considered, and which activities must take place to facilitate their implementation. We investigate PETs in the software engineering process from the perspective of privacy requirements engineering. We conduct a systematic literature review and interview 10 privacy experts, exploring the integration of PETs into software engineering, as well as identifying associated challenges and their potential solutions. We also conduct a survey study with five experts and 100 developers to evaluate our created artifact. We propose a unified process diagram that illustrates the roles and activities involved in the implementation of PETs in software systems. We map the identified solution concepts to the diagram, highlighting vital stages of the software engineering process in tackling challenges in adopting PETs. The results of our survey study indicate general overall agreement with the presentation and content of the process diagram. Integrating PETs into software engineering involves a diverse cohort of roles and several challenges, but also concrete solution concepts that can be pinpointed in our process diagram. An analysis of available solutions juxtaposed with perceived challenges from privacy experts reveals there is much work to be done in increasing practitioner education on PETs.