{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,2]],"date-time":"2025-12-02T06:15:47Z","timestamp":1764656147060,"version":"3.41.0"},"publisher-location":"Cham","reference-count":102,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030773915"},{"type":"electronic","value":"9783030773922"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-77392-2_16","type":"book-chapter","created":{"date-parts":[[2021,7,2]],"date-time":"2021-07-02T23:06:05Z","timestamp":1625267165000},"page":"241-257","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Privacy Design Strategies and the GDPR: A Systematic Literature Review"],"prefix":"10.1007","author":[{"given":"Marco","family":"Saltarella","sequence":"first","affiliation":[]},{"given":"Giuseppe","family":"Desolda","sequence":"additional","affiliation":[]},{"given":"Rosa","family":"Lanzilotti","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,7,3]]},"reference":[{"key":"16_CR1","doi-asserted-by":"publisher","unstructured":"Mougiakou, E., Virvou, M.: Based on GDPR privacy in UML: case of e-learning program. In: 2017 8th International Conference on Information, Intelligence, Systems Applications (IISA), pp. 1\u20138 (2017). https:\/\/doi.org\/10.1109\/IISA.2017.8316456","DOI":"10.1109\/IISA.2017.8316456"},{"key":"16_CR2","doi-asserted-by":"publisher","unstructured":"Martin, Y., Kung, A.: Methods and tools for GDPR compliance through privacy and data protection engineering. In: 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS PW), pp. 108\u2013111 (2018). https:\/\/doi.org\/10.1109\/EuroSPW.2018.00021","DOI":"10.1109\/EuroSPW.2018.00021"},{"key":"16_CR3","doi-asserted-by":"publisher","unstructured":"Hjerppe, K., Ruohonen, J., Lepp\u00e4nen, V.: The general data protection regulation: requirements, architectures, and constraints. In: 2019 IEEE 27th International Requirements Engineering Conference (RE), pp. 265\u2013275 (2019). https:\/\/doi.org\/10.1109\/RE.2019.00036","DOI":"10.1109\/RE.2019.00036"},{"key":"16_CR4","doi-asserted-by":"publisher","unstructured":"Morales-Trujillo, M.E., Garcia-Mireles, G.A.: Extending ISO\/IEC 29110 basic profile with privacy-by-design approach: a case study in the health care sector. In: 2018 11th International Conference on the Quality of Information and Communications Technology (QUATIC), pp. 56\u201364 (2018). https:\/\/doi.org\/10.1109\/QUATIC.2018.00018","DOI":"10.1109\/QUATIC.2018.00018"},{"key":"16_CR5","doi-asserted-by":"publisher","first-page":"488","DOI":"10.1109\/JIOT.2018.2864168","volume":"6","author":"C Li","year":"2019","unstructured":"Li, C., Palanisamy, B.: Privacy in internet of things: from principles to technologies. IEEE Internet Things J. 6, 488\u2013505 (2019). https:\/\/doi.org\/10.1109\/JIOT.2018.2864168","journal-title":"IEEE Internet Things J."},{"key":"16_CR6","doi-asserted-by":"publisher","unstructured":"Sion, L., et al.: An architectural view for data protection by design. In: 2019 IEEE International Conference on Software Architecture (ICSA), pp. 11\u201320 (2019). https:\/\/doi.org\/10.1109\/ICSA.2019.00010","DOI":"10.1109\/ICSA.2019.00010"},{"key":"16_CR7","doi-asserted-by":"publisher","unstructured":"Ayala-Rivera, V., Pasquale, L.: The grace period has ended: an approach to operationalize GDPR requirements. In: 2018 IEEE 26th International Requirements Engineering Conference (RE), pp. 136\u2013146 (2018). https:\/\/doi.org\/10.1109\/RE.2018.00023","DOI":"10.1109\/RE.2018.00023"},{"key":"16_CR8","doi-asserted-by":"publisher","first-page":"26543","DOI":"10.1109\/ACCESS.2018.2836184","volume":"6","author":"A Sokolovska","year":"2018","unstructured":"Sokolovska, A., Kocarev, L.: Integrating technical and legal concepts of privacy. IEEE Access. 6, 26543\u201326557 (2018). https:\/\/doi.org\/10.1109\/ACCESS.2018.2836184","journal-title":"IEEE Access."},{"key":"16_CR9","doi-asserted-by":"crossref","unstructured":"Colesky, M., Ghanavati, S.: Privacy shielding by design\u2014a strategies case for near-compliance. In: 2016 IEEE 24th International Requirements Engineering Conference Workshops (REW), pp. 271\u2013275. IEEE (2016)","DOI":"10.1109\/REW.2016.051"},{"key":"16_CR10","doi-asserted-by":"publisher","unstructured":"Coles, J., Faily, S., Ki-Aries, D.: Tool-supporting data protection impact assessments with CAIRIS. In: 2018 IEEE 5th International Workshop on Evolving Security Privacy Requirements Engineering (ESPRE), pp. 21\u201327 (2018). https:\/\/doi.org\/10.1109\/ESPRE.2018.00010","DOI":"10.1109\/ESPRE.2018.00010"},{"key":"16_CR11","doi-asserted-by":"publisher","first-page":"23601","DOI":"10.1109\/ACCESS.2020.2968741","volume":"8","author":"C Badii","year":"2020","unstructured":"Badii, C., Bellini, P., Difino, A., Nesi, P.: Smart city IoT platform respecting GDPR privacy and security aspects. IEEE Access. 8, 23601\u201323623 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2020.2968741","journal-title":"IEEE Access."},{"key":"16_CR12","doi-asserted-by":"crossref","unstructured":"Pedrosa, M., Costa, C., Dorado, J.: GDPR impacts and opportunities for computer-aided diagnosis guidelines and legal perspectives. In: 2019 IEEE 32nd International Symposium on Computer-Based Medical Systems (CBMS), pp. 616\u2013621 (2019)","DOI":"10.1109\/CBMS.2019.00128"},{"key":"16_CR13","doi-asserted-by":"publisher","unstructured":"Antignac, T., Scandariato, R., Schneider, G.: Privacy compliance via model transformations. In: 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS PW), pp. 120\u2013126 (2018). https:\/\/doi.org\/10.1109\/EuroSPW.2018.00024","DOI":"10.1109\/EuroSPW.2018.00024"},{"key":"16_CR14","doi-asserted-by":"publisher","first-page":"35429","DOI":"10.1109\/ACCESS.2020.2974911","volume":"8","author":"M Hatamian","year":"2020","unstructured":"Hatamian, M.: Engineering privacy in smartphone apps: a technical guideline catalog for app developers. IEEE Access. 8, 35429\u201335445 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2020.2974911","journal-title":"IEEE Access."},{"key":"16_CR15","doi-asserted-by":"publisher","unstructured":"Groen, E.C., Ochs, M.: CrowdRE, user Feedback and GDPR: towards tackling GDPR implications with adequate technical and organizational measures in an effort-minimal way. In: 2019 IEEE 27th International Requirements Engineering Conference Workshops (REW), pp. 180\u2013185 (2019). https:\/\/doi.org\/10.1109\/REW.2019.00038","DOI":"10.1109\/REW.2019.00038"},{"key":"16_CR16","doi-asserted-by":"publisher","unstructured":"Mustafa, U., Pflugel, E., Philip, N.: A novel privacy framework for secure M-Health applications: the case of the GDPR. In: 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3), pp. 1\u20139 (2019). https:\/\/doi.org\/10.1109\/ICGS3.2019.8688019","DOI":"10.1109\/ICGS3.2019.8688019"},{"key":"16_CR17","doi-asserted-by":"publisher","first-page":"9390","DOI":"10.1109\/ACCESS.2018.2799522","volume":"6","author":"A Papageorgiou","year":"2018","unstructured":"Papageorgiou, A., Strigkos, M., Politou, E., Alepis, E., Solanas, A., Patsakis, C.: Security and privacy analysis of mobile health applications: the alarming state of practice. IEEE Access. 6, 9390\u20139403 (2018). https:\/\/doi.org\/10.1109\/ACCESS.2018.2799522","journal-title":"IEEE Access."},{"key":"16_CR18","doi-asserted-by":"publisher","unstructured":"Saatci, C., Gunal, E.S.: Preserving privacy in personal data processing. In: 2019 1st International Informatics and Software Engineering Conference (UBMYK), pp. 1\u20134 (2019). https:\/\/doi.org\/10.1109\/UBMYK48245.2019.8965432","DOI":"10.1109\/UBMYK48245.2019.8965432"},{"key":"16_CR19","doi-asserted-by":"publisher","unstructured":"Gruschka, N., Mavroeidis, V., Vishi, K., Jensen, M.: Privacy issues and data protection in big data: a case study analysis under GDPR. In: 2018 IEEE International Conference on Big Data (Big Data), pp. 5027\u20135033 (2018). https:\/\/doi.org\/10.1109\/BigData.2018.8622621","DOI":"10.1109\/BigData.2018.8622621"},{"key":"16_CR20","doi-asserted-by":"publisher","unstructured":"Hiller, J., Schuldes, M., Eckstein, L.: Recognition and pseudonymization of data privacy relevant areas in videos for compliance with GDPR. In: 2019 IEEE Intelligent Transportation Systems Conference (ITSC), pp. 2387\u20132393 (2019). https:\/\/doi.org\/10.1109\/ITSC.2019.8917267","DOI":"10.1109\/ITSC.2019.8917267"},{"key":"16_CR21","doi-asserted-by":"publisher","unstructured":"Mannhardt, F., Petersen, S.A., Oliveira, M.F.: Privacy challenges for process mining in human-centered industrial environments. In: 2018 14th International Conference on Intelligent Environments (IE), pp. 64\u201371 (2018). https:\/\/doi.org\/10.1109\/IE.2018.00017","DOI":"10.1109\/IE.2018.00017"},{"key":"16_CR22","doi-asserted-by":"crossref","unstructured":"Morel, V., Cunche, M., M\u00e9tayer, D.L.: A generic information and consent framework for the IoT. In: 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications\/13th IEEE International Conference On Big Data Science And Engineering (TrustCom\/BigDataSE), pp. 366\u2013373 (2019)","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00056"},{"key":"16_CR23","doi-asserted-by":"publisher","unstructured":"Butin, D., M\u00e9tayer, D.L.: A guide to end-to-end privacy accountability. In: 2015 IEEE\/ACM 1st International Workshop on Technical and Legal aspects of data Privacy and Security, pp. 20\u201325 (2015). https:\/\/doi.org\/10.1109\/TELERISE.2015.12","DOI":"10.1109\/TELERISE.2015.12"},{"key":"16_CR24","doi-asserted-by":"publisher","unstructured":"Wachter, S.: Ethical and normative challenges of identification in the internet of things. In: Living in the Internet of Things: Cybersecurity of the IoT \u2013 2018, pp. 1\u201310 (2018). https:\/\/doi.org\/10.1049\/cp.2018.0013","DOI":"10.1049\/cp.2018.0013"},{"key":"16_CR25","doi-asserted-by":"publisher","unstructured":"Torre, D., Soltana, G., Sabetzadeh, M., Briand, L.C., Auffinger, Y., Goes, P.: Using models to enable compliance checking against the GDPR: an experience report. In: 2019 ACM\/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems (MODELS), pp. 1\u201311 (2019). https:\/\/doi.org\/10.1109\/MODELS.2019.00-20","DOI":"10.1109\/MODELS.2019.00-20"},{"key":"16_CR26","doi-asserted-by":"publisher","unstructured":"Masmoudi, F., Sellami, M., Loulou, M., Kacem, A.H.: Optimal evidence collection for accountability in the cloud. In: 2018 IEEE 15th International Conference on e-Business Engineering (ICEBE), pp. 78\u201385 (2018). https:\/\/doi.org\/10.1109\/ICEBE.2018.00022","DOI":"10.1109\/ICEBE.2018.00022"},{"key":"16_CR27","doi-asserted-by":"crossref","unstructured":"Tapsell, J., Akram, R.N., Markantonakis, K.: Consumer centric data control, tracking and transparency \u2013 a position paper. In: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications\/12th IEEE International Conference On Big Data Science And Engineering (TrustCom\/BigDataSE), pp. 1380\u20131385 (2018)","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00191"},{"key":"16_CR28","doi-asserted-by":"publisher","unstructured":"Damjanovic-Behrendt, V.: A Digital twin-based privacy enhancement mechanism for the automotive industry. In: 2018 International Conference on Intelligent Systems (IS), pp. 272\u2013279 (2018). https:\/\/doi.org\/10.1109\/IS.2018.8710526","DOI":"10.1109\/IS.2018.8710526"},{"key":"16_CR29","doi-asserted-by":"publisher","unstructured":"Ladjel, R., Anciaux, N., Pucheral, P., Scerri, G.: Trustworthy distributed computations on personal data using trusted execution environments. In: 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications\/13th IEEE International Conference On Big Data Science And Engineering (TrustCom\/BigDataSE), pp. 381\u2013388 (2019). https:\/\/doi.org\/10.1109\/TrustCom\/BigDataSE.2019.00058","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00058"},{"key":"16_CR30","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1109\/MSEC.2019.2914614","volume":"17","author":"J Singh","year":"2019","unstructured":"Singh, J., Cobbe, J.: The security implications of data subject rights. IEEE Secur. Priv. 17, 21\u201330 (2019). https:\/\/doi.org\/10.1109\/MSEC.2019.2914614","journal-title":"IEEE Secur. Priv."},{"key":"16_CR31","doi-asserted-by":"publisher","unstructured":"Utz, C., Degeling, M., Fahl, S., Schaub, F., Holz, T.: (Un) Informed consent: studying GDPR consent notices in the field. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 973\u2013990. Association for Computing Machinery, New York (2019). https:\/\/doi.org\/10.1145\/3319535.3354212","DOI":"10.1145\/3319535.3354212"},{"key":"16_CR32","doi-asserted-by":"publisher","unstructured":"Ahmadian, A.S., Str\u00fcber, D., Riediger, V., J\u00fcrjens, J.: Supporting privacy impact assessment by model-based privacy analysis. In: Proceedings of the 33rd Annual ACM Symposium on Applied Computing, pp. 1467\u20131474. Association for Computing Machinery, New York, NY, USA (2018). https:\/\/doi.org\/10.1145\/3167132.3167288","DOI":"10.1145\/3167132.3167288"},{"key":"16_CR33","doi-asserted-by":"publisher","unstructured":"Ahmadian, A.S., Str\u00fcber, D., J\u00fcrjens, J.: Privacy-enhanced system design modeling based on privacy features. In: Proceedings of the 34th ACM\/SIGAPP Symposium on Applied Computing, pp. 1492\u20131499. Association for Computing Machinery, New York (2019). https:\/\/doi.org\/10.1145\/3297280.3297431","DOI":"10.1145\/3297280.3297431"},{"key":"16_CR34","doi-asserted-by":"publisher","unstructured":"Ahmadian, A.S., J\u00fcrjens, J., Str\u00fcber, D.: Extending model-based privacy analysis for the industrial data space by exploiting privacy level agreements. In: Proceedings of the 33rd Annual ACM Symposium on Applied Computing, pp. 1142\u20131149. Association for Computing Machinery, New York (2018). https:\/\/doi.org\/10.1145\/3167132.3167256","DOI":"10.1145\/3167132.3167256"},{"key":"16_CR35","doi-asserted-by":"publisher","unstructured":"Kupfersberger, V., Schaberreiter, T., Quirchmayr, G.: Security-driven information flow modelling for component integration in complex environments. In: Proceedings of the 10th International Conference on Advances in Information Technology. Association for Computing Machinery, New York (2018). https:\/\/doi.org\/10.1145\/3291280.3291797","DOI":"10.1145\/3291280.3291797"},{"key":"16_CR36","doi-asserted-by":"publisher","unstructured":"Coroller, S., Chabridon, S., Laurent, M., Conan, D., Leneutre, J.: Position paper: towards end-to-end privacy for publish\/subscribe architectures in the internet of things. In: Proceedings of the 5th Workshop on Middleware and Applications for the Internet of Things. pp. 35\u201340. Association for Computing Machinery, New York (2018). https:\/\/doi.org\/10.1145\/3286719.3286727","DOI":"10.1145\/3286719.3286727"},{"key":"16_CR37","doi-asserted-by":"publisher","unstructured":"Notario, N., Ciceri, E., Crespo, A., Real, E.G., Catallo, I., Vicini, S.: Orchestrating privacy enhancing technologies and services with BPM tools: the WITDOM data protection orchestrator. In: Proceedings of the 12th International Conference on Availability, Reliability and Security. Association for Computing Machinery, New York (2017). https:\/\/doi.org\/10.1145\/3098954.3104057","DOI":"10.1145\/3098954.3104057"},{"key":"16_CR38","doi-asserted-by":"publisher","first-page":"711","DOI":"10.1108\/ICS-04-2019-0052","volume":"26","author":"V Diamantopoulou","year":"2019","unstructured":"Diamantopoulou, V., Mouratidis, H.: Practical evaluation of a reference architecture for the management of privacy level agreements. Inf. Comput. Secur. 26, 711\u2013730 (2019). https:\/\/doi.org\/10.1108\/ICS-04-2019-0052","journal-title":"Inf. Comput. Secur."},{"key":"16_CR39","doi-asserted-by":"publisher","unstructured":"Lodge, T., Crabtree, A.: Privacy engineering for domestic IoT: enabling due diligence. Sensors (Switzerland) 19, 4380 (2019). https:\/\/doi.org\/10.3390\/s19204380","DOI":"10.3390\/s19204380"},{"key":"16_CR40","doi-asserted-by":"publisher","unstructured":"Abdulghani, H.A., Nijdam, N.A., Collen, A., Konstantas, D.: A study on security and privacy guidelines, countermeasures, threats: IoT data at rest perspective. Symmetry 11, 774 (2019). https:\/\/doi.org\/10.3390\/sym11060774","DOI":"10.3390\/sym11060774"},{"key":"16_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1007\/978-3-030-27813-7_6","volume-title":"Trust, Privacy and Security in Digital Business","author":"L Piras","year":"2019","unstructured":"Piras, L., et al.: DEFeND architecture: a privacy by design platform for GDPR compliance. In: Gritzalis, S., Weippl, E. R., Katsikas, S. K., Anderst-Kotsis, G., Tjoa, A. M., Khalil, I. (eds.) TrustBus 2019. LNCS, vol. 11711, pp. 78\u201393. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-27813-7_6"},{"key":"16_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1007\/978-3-030-33752-0_6","volume-title":"Heterogeneous Data Management, Polystores, and Analytics for Healthcare","author":"J Mohan","year":"2019","unstructured":"Mohan, J., Wasserman, M., Chidambaram, V.: Analyzing GDPR compliance through the lens of privacy policy. In: Gadepally, V., et al. (eds.) DMAH\/Poly -2019. LNCS, vol. 11721, pp. 82\u201395. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-33752-0_6"},{"key":"16_CR43","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1007\/978-3-030-21297-1_2","volume-title":"Information Systems Engineering in Responsible Information Systems: CAiSE Forum 2019, Rome, Italy, June 3\u20137, 2019, Proceedings","author":"S Agostinelli","year":"2019","unstructured":"Agostinelli, S., Maggi, F. M., Marrella, A., Sapio, F.: Achieving GDPR compliance of BPMN process models. In: Cappiello, C., Ruiz, M. (eds.) Information Systems Engineering in Responsible Information Systems: CAiSE Forum 2019, Rome, Italy, June 3\u20137, 2019, Proceedings, pp. 10\u201322. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-21297-1_2"},{"key":"16_CR44","doi-asserted-by":"publisher","first-page":"155","DOI":"10.1007\/978-3-030-16744-8_11","volume":"547","author":"A Gabel","year":"2019","unstructured":"Gabel, A., Schiering, I.: Privacy patterns for pseudonymity. IFIP Adv. Inf. Commun. Technol. 547, 155\u2013172 (2019). https:\/\/doi.org\/10.1007\/978-3-030-16744-8_11","journal-title":"IFIP Adv. Inf. Commun. Technol."},{"key":"16_CR45","unstructured":"Martino, M.D., Robyns, P., Weyts, W., Quax, P., Lamotte, W., Andries, K.: Personal information leakage by abusing the GDPR right of access. In: Proceedings of the 15th Symposium on Usable Privacy and Security, SOUPS 2019, pp. 371\u2013386 (2019)"},{"key":"16_CR46","unstructured":"Muntes-Mulero, V., Dominiaky, J., Gonzalezz, E., Sanchez-Charles, D.: Model-driven evidence-based privacy risk control in trustworthy smart IoT systems. In: CEUR Workshop Proceedings, pp. 23\u201330 (2019)"},{"key":"16_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"46","DOI":"10.1007\/978-3-030-27813-7_4","volume-title":"Trust, Privacy and Security in Digital Business","author":"N Gol Mohammadi","year":"2019","unstructured":"Gol Mohammadi, N., Leicht, J., Ulfat-Bunyadi, N., Heisel, M.: Privacy policy specification framework for addressing end-users\u2019 privacy requirements. In: Gritzalis, S., Weippl, E. R., Katsikas, S. K., Anderst-Kotsis, G., Tjoa, A. M., Khalil, I. (eds.) TrustBus 2019. LNCS, vol. 11711, pp. 46\u201362. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-27813-7_4"},{"key":"16_CR48","doi-asserted-by":"publisher","unstructured":"Ataei, M., Degbelo, A., Kray, C., Santos, V.: Complying with privacy legislation: From legal text to implementation of privacy-aware location-based services. ISPRS Int. J. Geo-Inf. 7, (2018). https:\/\/doi.org\/10.3390\/ijgi7110442","DOI":"10.3390\/ijgi7110442"},{"key":"16_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/978-3-319-98379-0_4","volume-title":"Provenance and Annotation of Data and Processes","author":"B Ujcich","year":"2018","unstructured":"Ujcich, B., Bates, A., Sanders, W.: A Provenance model for the European union general data protection regulation. In: Belhajjame, K., Gehani, A., Alper, P. (eds.) IPAW 2018. LNCS, vol. 11017, pp. 45\u201357. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-98379-0_4"},{"key":"16_CR50","unstructured":"Pandit, H.J., O\u2019Sullivan, D., Lewis, D.: An ontology design pattern for describing personal data in privacy policies. In: CEUR Workshop Proceedings, pp. 29\u201339 (2018)"},{"key":"16_CR51","unstructured":"Palmirani, M., Rossi, A., Martoni, M., Hagan, M.: A methodological framework to design a machine-readable privacy icon set. In: Jusletter IT (2018)"},{"key":"16_CR52","doi-asserted-by":"crossref","unstructured":"Fernandes, M., Da Silva, A.R., Gon\u00e7alves, A.: specification of personal data protection requirements: analysis of legal requirements from the GDPR regulation. In: ICEIS 2018 - Proceedings of the 20th International Conference on Enterprise Information Systems, pp. 398\u2013405 (2018)","DOI":"10.5220\/0006810603980405"},{"key":"16_CR53","doi-asserted-by":"publisher","unstructured":"O\u2019Connor, Y., Rowan, W., Lynch, L., Heavin, C.: Privacy by design: informed consent and internet of things for smart health. In: Procedia Computer Science, pp. 653\u2013658 (2017). https:\/\/doi.org\/10.1016\/j.procs.2017.08.329","DOI":"10.1016\/j.procs.2017.08.329"},{"key":"16_CR54","unstructured":"Diamantopoulou, V., Angelopoulos, K., Pavlidis, M., Mouratidis, H.: A metamodel for GDPR-based privacy level agreements. In: CEUR Workshop Proceedings, pp. 299\u2013305 (2017)"},{"key":"16_CR55","unstructured":"Mart\u00edn, Y.-S., Del \u00c1lamo, J.M.: A meta model for privacy engineering methods. In: CEUR Workshop Proceedings, pp. 41\u201348 (2017)"},{"key":"16_CR56","unstructured":"Fatema, K., Hadziselimovic, E., Pandit, H., Debruyne, C., Lewis, D., O\u2019Sullivan, D.: Compliance through informed consent: Semantic based consent permission and data management model. In: CEUR Workshop Proceedings (2017)"},{"key":"16_CR57","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"427","DOI":"10.1007\/978-3-319-58469-0_29","volume-title":"ICT Systems Security and Privacy Protection","author":"R Meis","year":"2017","unstructured":"Meis, R., Heisel, M.: Towards systematic privacy and operability (PRIOP) studies. In: De Capitani di Vimercati, S., Martinelli, F. (eds.) SEC 2017. IAICT, vol. 502, pp. 427\u2013441. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-58469-0_29"},{"key":"16_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1007\/978-3-319-64483-7_6","volume-title":"Trust, Privacy and Security in Digital Business","author":"D Spagnuelo","year":"2017","unstructured":"Spagnuelo, D., Bartolini, C., Lenzini, G.: Modelling metrics for transparency in medical systems. In: Lopez, J., Fischer-H\u00fcbner, S., Lambrinoudakis, C. (eds.) TrustBus 2017. LNCS, vol. 10442, pp. 81\u201395. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-64483-7_6"},{"key":"16_CR59","doi-asserted-by":"publisher","unstructured":"Pardo, R., Le M\u00e9tayer, D.: Analysis of privacy policies to enhance informed consent. In: Foley, S. (eds.) Data and Applications Security and Privacy XXXIII. DBSec 2019. Lecture Notes in Computer Science, vol. 11559, pp. 177\u2013198, Springer, Cham https:\/\/doi.org\/10.1007\/978-3-030-22479-0_10","DOI":"10.1007\/978-3-030-22479-0_10"},{"key":"16_CR60","doi-asserted-by":"crossref","unstructured":"Spagnuelo, D., Ferreira, A., Lenzini, G.: Accomplishing transparency within the general data protection regulation. In: 5th International Conference on Information Systems Security and Privacy. To appear (2018)","DOI":"10.5220\/0007366501140125"},{"key":"16_CR61","doi-asserted-by":"publisher","unstructured":"Alshammari, M., Simpson, A.: Towards a principled approach for engineering privacy by design. In: Schweighofer, E., Leitold, H., Mitrakas, A., Rannenberg, K. (eds.) Privacy Technologies and Policy, APF 2017. Lecture Notes in Computer Science, vol. 10518, pp. 161\u2013177. Springer, Cham https:\/\/doi.org\/10.1007\/978-3-319-67280-9_9","DOI":"10.1007\/978-3-319-67280-9_9"},{"key":"16_CR62","doi-asserted-by":"publisher","unstructured":"Alshammari, M., Simpson, A.: A UML profile for privacy-aware data lifecycle models. In: Katsikas, S. et al. (eds.) Computer Security, SECPRE 2017, CyberICPS 2017, Lecture Notes in Computer Science, vol. 10683, pp. 189\u2013209 Springer, Cham. https:\/\/doi.org\/10.1007\/978-3-319-72817-9_13","DOI":"10.1007\/978-3-319-72817-9_13"},{"key":"16_CR63","doi-asserted-by":"crossref","unstructured":"Diamantopoulou, V., Argyropoulos, N., Kalloniatis, C., Gritzalis, S.: Supporting the design of privacy-aware business processes via privacy process patterns. In: 2017 11th International Conference on Research Challenges in Information Science (RCIS), pp. 187\u2013198. IEEE (2017)","DOI":"10.1109\/RCIS.2017.7956536"},{"key":"16_CR64","doi-asserted-by":"publisher","first-page":"194","DOI":"10.1007\/978-3-030-21297-1_17","volume-title":"Information Systems Engineering in Responsible Information Systems: CAiSE Forum 2019, Rome, Italy, June 3\u20137, 2019, Proceedings","author":"J Michael","year":"2019","unstructured":"Michael, J., Koschmider, A., Mannhardt, F., Baracaldo, N., Rumpe, B.: User-centered and privacy-driven process mining system design for IoT. In: Cappiello, C., Ruiz, M. (eds.) Information Systems Engineering in Responsible Information Systems: CAiSE Forum 2019, Rome, Italy, June 3\u20137, 2019, Proceedings, pp. 194\u2013206. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-21297-1_17"},{"issue":"1","key":"16_CR65","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1007\/s10664-017-9517-1","volume":"23","author":"I Hadar","year":"2017","unstructured":"Hadar, I., et al.: Privacy by designers: software developers\u2019 privacy mindset. Empirical Softw. Eng. 23(1), 259\u2013289 (2017). https:\/\/doi.org\/10.1007\/s10664-017-9517-1","journal-title":"Empirical Softw. Eng."},{"key":"16_CR66","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-662-57932-9_2","volume-title":"Transactions on Large-Scale Data- and Knowledge-Centered Systems XXXVII","author":"A Gerl","year":"2018","unstructured":"Gerl, A., Bennani, N., Kosch, H., Brunie, L.: LPL, towards a GDPR-compliant privacy language: formal definition and\u00a0usage. In: Hameurlain, A., Wagner, R. (eds.) Transactions on Large-Scale Data- and Knowledge-Centered Systems XXXVII, pp. 41\u201380. Springer, Berlin (2018). https:\/\/doi.org\/10.1007\/978-3-662-57932-9_2"},{"key":"16_CR67","unstructured":"Ferrara, P., Spoto, F.: Static analysis for GDPR compliance. In: ITASEC (2018)"},{"key":"16_CR68","doi-asserted-by":"crossref","unstructured":"Sion, L., Van Landuyt, D., Wuyts, K., Joosen, W.: Privacy risk assessment for data subject-aware threat modeling. In: 2019 IEEE Security and Privacy Workshops (SPW), pp. 64\u201371. IEEE (2019)","DOI":"10.1109\/SPW.2019.00023"},{"key":"16_CR69","doi-asserted-by":"crossref","unstructured":"Hillen, C.: The pseudonym broker privacy pattern in medical data collection. In: 2015 IEEE Trustcom\/BigDataSE\/ISPA, pp. 999\u20131005. IEEE (2015)","DOI":"10.1109\/Trustcom.2015.475"},{"key":"16_CR70","doi-asserted-by":"crossref","unstructured":"Kung, A., et al.: A privacy engineering framework for the internet of things. In: Kung, A., et al.: A privacy engineering framework for the internet of things. In: Data Protection and Privacy: (In) visibilities and Infrastructures, pp. 163\u2013202. Springer, Cham (2017)","DOI":"10.1007\/978-3-319-50796-5_7"},{"key":"16_CR71","unstructured":"Roig, A.: Safeguards for the right not to be subject to a decision based solely on automated processing (Article 22 GDPR). Eur. J. Law Technol. 8, (2018)"},{"key":"16_CR72","doi-asserted-by":"publisher","unstructured":"Roubtsova, E., Roubtsov, S., Alp\u00e1r, G.: Presence patterns and privacy analysis. In: Shishkov, B. (ed) Business Modeling and Software Design, BMSD 2018, Lecture Notes in Business Information Processing, vol. 319, pp. 298\u2013307. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-94214-8_21","DOI":"10.1007\/978-3-319-94214-8_21"},{"key":"16_CR73","doi-asserted-by":"crossref","unstructured":"Betzing, J.H., Tietz, M., vom Brocke, J., Becker, J.: The impact of transparency on mobile privacy decision making. Electron. Markets 1\u201319 (2019)","DOI":"10.1007\/s12525-019-00332-3"},{"key":"16_CR74","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1109\/MC.2016.337","volume":"49","author":"X Su","year":"2016","unstructured":"Su, X., et al.: Privacy as a service: protecting the individual in healthcare data processing. Computer 49, 49\u201359 (2016)","journal-title":"Computer"},{"key":"16_CR75","unstructured":"G Kar\u00e1csony, G.: Managing Personal Data in a Digital Environment-Did GDPR\u2019s Concept of Informed Consent Really Give Us Control? In: International Conference on Computer Law, AI, Data Protection & The Biggest Tech Trends. (2019)."},{"key":"16_CR76","unstructured":"Li, Z.S., Werner, C., Ernst, N., Damian, D.: GDPR Compliance in the Context of Continuous Integration. arXiv preprint arXiv:2002.06830. (2020)"},{"key":"16_CR77","doi-asserted-by":"crossref","unstructured":"Loruenser, T., P\u00f6hls, H.C., Sell, L., Laenger, T.: CryptSDLC: Embedding cryptographic engineering into secure software development lifecycle. In: Proceedings of the 13th International Conference on Availability, Reliability and Security, pp. 1\u20139 (2018)","DOI":"10.1145\/3230833.3233765"},{"key":"16_CR78","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1007\/978-3-319-44924-1_6","volume-title":"Designing, Developing, and Facilitating Smart Cities","author":"L A Martucci","year":"2017","unstructured":"Martucci, L. A., Fischer-H\u00fcbner, S., Hartswood, M., Jirotka, M.: Privacy and social values in smart cities. In: Angelakis, Vangelis, Tragos, Elias, P\u00f6hls, Henrich C., Kapovits, Adam, Bassi, Alessandro (eds.) Designing, Developing, and Facilitating Smart Cities, pp. 89\u2013107. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-44924-1_6"},{"key":"16_CR79","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/978-3-319-50953-2_17","volume-title":"New Frontiers in Artificial Intelligence","author":"C Bartolini","year":"2017","unstructured":"Bartolini, C., Muthuri, R., Santos, C.: Using ontologies to model data protection requirements in workflows. In: Otake, M., Kurahashi, S., Ota, Y., Satoh, K., Bekki, D. (eds.) New Frontiers in Artificial Intelligence, pp. 233\u2013248. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-50953-2_17"},{"key":"16_CR80","doi-asserted-by":"crossref","unstructured":"Sion, L., Yskout, K., Van Landuyt, D., Joosen, W.: Solution-aware data flow diagrams for security threat modeling. In: Proceedings of the 33rd Annual ACM Symposium on Applied Computing. pp. 1425\u20131432 (2018)","DOI":"10.1145\/3167132.3167285"},{"key":"16_CR81","doi-asserted-by":"crossref","unstructured":"Neisse, R., Baldini, G., Steri, G., Mahieu, V.: Informed consent in internet of things: the case study of cooperative intelligent transport systems. In: 2016 23rd International Conference on Telecommunications (ICT). pp. 1\u20135. IEEE (2016)","DOI":"10.1109\/ICT.2016.7500480"},{"key":"16_CR82","unstructured":"Alshammari, M., Simpson, A.: Personal Data Management for Privacy Engineering: An Abstract Personal Data Lifecycle Model. Oxford, UK, CS-RR-17\u201302 (2017)"},{"key":"16_CR83","doi-asserted-by":"crossref","unstructured":"Stach, C., Steimle, F.: Recommender-based privacy requirements elicitation-EPICUREAN: an approach to simplify privacy settings in IoT applications with respect to the GDPR. In: Proceedings of the 34th ACM\/SIGAPP Symposium on Applied Computing, pp. 1500\u20131507 (2019)","DOI":"10.1145\/3297280.3297432"},{"key":"16_CR84","doi-asserted-by":"crossref","unstructured":"Custers, B., Dechesne, F., Pieters, W., Schermer, B.W., van der Hof, S.: Consent and privacy. In: M\u00fcller A., Schaber, P. (eds.) The Routledge Handbook of the Ethics of Consent. Routledge, London, pp. 247\u2013258 (2018)","DOI":"10.4324\/9781351028264-23"},{"key":"16_CR85","doi-asserted-by":"crossref","unstructured":"Agarwal, S., Steyskal, S., Antunovic, F., Kirrane, S.: Legislative compliance assessment: framework, model and GDPR instantiation. In: Medina, M., Mitrakas, A., Rannenberg, K., Schweighofer, E., Tsouroulas, N. (eds.) Privacy Technologies and Policy, APF 2018, Lecture Notes in Computer Science, vol. 11079, pp. 131\u2013149. Springer, Cham (2018)","DOI":"10.1007\/978-3-030-02547-2_8"},{"issue":"1-2","key":"16_CR86","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1007\/s00450-019-00418-5","volume":"35","author":"S Besik","year":"2019","unstructured":"Besik, S., Freytag, J.-C.: A formal approach to build privacy-awareness into clinical workflows. SICS Softw-Intensive Cyber-Phys. Syst. 35(1\u20132), 141\u2013152 (2019). https:\/\/doi.org\/10.1007\/s00450-019-00418-5","journal-title":"SICS Softw-Intensive Cyber-Phys. Syst."},{"key":"16_CR87","doi-asserted-by":"publisher","unstructured":"Hyysalo, J., Hirvonsalo, H., Sauvola, J., Tuoriniemi, S.: Consent management architecture for secure data transactions. In: ICSOFT 2016 - Proceedings of the 11th International Joint Conference on Software Technologies, pp. 125\u2013132 (2016). https:\/\/doi.org\/10.5220\/0005941301250132","DOI":"10.5220\/0005941301250132"},{"key":"16_CR88","doi-asserted-by":"crossref","unstructured":"Wachter, S.: GDPR and the Internet of Things: Guidelines to Protect Users\u2019 Identity and Privacy. SSRN (2018)","DOI":"10.2139\/ssrn.3130392"},{"key":"16_CR89","doi-asserted-by":"publisher","unstructured":"Al-Momani, A., Kargl, F., Schmidt, R., Kung, A., B\u00f6sch, C.: A privacy-aware v-model for software development. In: 2019 IEEE Security and Privacy Workshops (SPW), pp. 100\u2013104 (2019). https:\/\/doi.org\/10.1109\/SPW.2019.00028","DOI":"10.1109\/SPW.2019.00028"},{"key":"16_CR90","unstructured":"University of Maryland Study: Hackers Attack Every 39 Seconds. https:\/\/eng.umd.edu\/news\/story\/study-hackers-attack-every-39-seconds. Accessed 02 Nov 2021"},{"key":"16_CR91","doi-asserted-by":"crossref","unstructured":"IBM Security Cost of a Data Breach Report 2020 https:\/\/www.ibm.com\/security\/data-breach. Accessed 02 Nov 2021","DOI":"10.1016\/S1361-3723(21)00082-8"},{"key":"16_CR92","unstructured":"Cavoukian, A.: Privacy by design: The 7 foundational principles. Inf. Priv. Commissioner 5, 12 (2009)"},{"issue":"4","key":"16_CR93","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/s10272-017-0676-5","volume":"52","author":"M Sobolewski","year":"2017","unstructured":"Sobolewski, M., Mazur, J., Pali\u0144ski, M.: Gdpr: a step towards a user-centric internet? Intereconomics 52(4), 207\u2013213 (2017)","journal-title":"Intereconomics"},{"issue":"8","key":"16_CR94","doi-asserted-by":"publisher","first-page":"685","DOI":"10.1016\/S0167-4048(03)00007-5","volume":"22","author":"J Leach","year":"2003","unstructured":"Leach, J.: Improving user security behaviour. Comput. Secur. 22(8), 685\u2013692 (2003)","journal-title":"Comput. Secur."},{"issue":"7","key":"16_CR95","doi-asserted-by":"publisher","first-page":"620","DOI":"10.1016\/S0167-4048(01)00712-X","volume":"20","author":"EE Schultz","year":"2001","unstructured":"Schultz, E.E., Proctor, R.W., Lien, M.C., Salvendy, G.: Usability and security an appraisal of usability issues in information security methods. Comput. Secur. 20(7), 620\u2013634 (2001)","journal-title":"Comput. Secur."},{"key":"16_CR96","unstructured":"Sunshine, J., Egelman, S., Almuhimedi, H., Atri, N., Cranor, L.F.: Crying wolf: an empirical study of SSL warning effectiveness. In: USENIX security symposium (SSYM 2009), pp. 399\u2013416 (2009)"},{"issue":"12","key":"16_CR97","doi-asserted-by":"publisher","first-page":"1231","DOI":"10.1016\/j.advengsoft.2009.01.024","volume":"40","author":"J Mu\u00f1oz-Arteaga","year":"2009","unstructured":"Mu\u00f1oz-Arteaga, J., Gonz\u00e1lez, R.M., Martin, M.V., Vanderdonckt, J., \u00c1lvarez-Rodr\u00edguez, F.: A methodology for designing information security feedback based on user interface patterns. Adv. Eng. Softw. 40(12), 1231\u20131241 (2009)","journal-title":"Adv. Eng. Softw."},{"key":"16_CR98","doi-asserted-by":"crossref","unstructured":"Urquhart, L., Rodden, T: A Legal Turn in Human Computer Interaction? Towards \u201cRegulation by Design\u201d for the Internet of Things. Available at SSRN: https:\/\/ssrn.com\/abstract=2746467 (2016)","DOI":"10.2139\/ssrn.2746467"},{"key":"16_CR99","doi-asserted-by":"crossref","unstructured":"Martin, Y.S., Kung, A.: Methods and tools for GDPR compliance through privacy and data protection engineering. In: 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 108\u2013111 (2018)","DOI":"10.1109\/EuroSPW.2018.00021"},{"key":"16_CR100","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"446","DOI":"10.1007\/978-3-642-55415-5_38","volume-title":"ICT Systems Security and Privacy Protection","author":"J-H Hoepman","year":"2014","unstructured":"Hoepman, J.-H.: Privacy design strategies. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 446\u2013459. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-55415-5_38"},{"key":"16_CR101","first-page":"1","volume":"33","author":"B Kitchenham","year":"2004","unstructured":"Kitchenham, B.: Procedures for performing systematic reviews. Keele UK Keele Univ. 33, 1\u201326 (2004)","journal-title":"Keele UK Keele Univ."},{"key":"16_CR102","first-page":"13","volume-title":"Security and Usability: Designing secure systems that people can use","author":"MA Sasse","year":"2005","unstructured":"Sasse, M.A., Flechais, I.: Usable security: why do we need it? how do we get it? In: Cranor, L.F., Garfinkel, S. (eds.) Security and Usability: Designing secure systems that people can use, pp. 13\u201330. O\u2019Reilly, Sebastopol (2005)"}],"container-title":["Lecture Notes in Computer Science","HCI for Cybersecurity, Privacy and Trust"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-77392-2_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,2]],"date-time":"2025-07-02T22:10:53Z","timestamp":1751494253000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-77392-2_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030773915","9783030773922"],"references-count":102,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-77392-2_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"3 July 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"HCII","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Human-Computer Interaction","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 July 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 July 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"hcii2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/2021.hci.international\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}