nach oben

Erschienen in:

2024 | OriginalPaper | Buchkapitel

Privacy Engineering in the Data Mesh: Towards a Decentralized Data Privacy Governance Framework

verfasst von : Nemania Borovits, Indika Kumara, Damian A. Tamburri, Willem-Jan Van Den Heuvel

Erschienen in: Service-Oriented Computing – ICSOC 2023 Workshops

Verlag: Springer Nature Singapore

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Privacy engineering, emphasizing data protection during the design, build, and maintenance of software systems, faces new challenges and opportunities in the emerging decentralized data architectures, namely data mesh. By decentralizing data product ownership across domains, data mesh offers a novel paradigm to rethink how privacy principles are incorporated and maintained in modern system architectures. This paper introduces a conceptual framework that integrates privacy engineering principles with the decentralized nature of data mesh. Our approach provides a holistic view, capturing essential dimensions from both domains. We explore the intersections of privacy engineering and data mesh dimensions and provide guidelines for the stakeholders of a data mesh initiative to embed better data privacy controls. Our framework aims to offer a blueprint to ensure robust privacy practices are inherent, not just additive, during the adoption of data mesh.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Formalizing Microservices Patterns with Event-B: The Case of Service Registry

Nächstes Kapitel Towards a Taxonomy and Software Architecture for Data Processing and Contextualization for the Internet of Things

Agarwal, V., et al.: Compliance-as-code for cybersecurity automation in hybrid cloud. In: 2022 IEEE 15th International Conference on Cloud Computing (CLOUD), pp. 427–437 (2022)

Antignac, T., Sands, D., Schneider, G.: Data minimisation: a language-based approach. In: De Capitani di Vimercati, S., Martinelli, F. (eds.) SEC 2017. IAICT, vol. 502, pp. 442–456. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58469-0_30CrossRef

Bier, C., Birnstill, P., Krempel, E., Vagts, H., Beyerer, J.: Enhancing privacy by design from a developer’s perspective. In: Preneel, B., Ikonomou, D. (eds.) APF 2012. LNCS, vol. 8319, pp. 73–85. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54069-1_5CrossRef

Cavoukian, A., et al.: Privacy by design: the 7 foundational principles. Information and privacy commissioner of Ontario, Canada 5, 12 (2009)

Chen, D., Zhao, H.: Data security and privacy protection issues in cloud computing. In: 2012 International Conference on Computer Science and Electronics Engineering, vol. 1, pp. 647–651 (2012)

Cranor, L.: Web Privacy with P3P. O’Reilly Media Inc., Sebastopol (2002)

Cranor, L.F.: Necessary but not sufficient: standardized mechanisms for privacy notice and choice. J. Telecommun. High Technol. Law 10, 273 (2012)

Crosby, M., Pattanayak, P., Verma, S., Kalyanaraman, V., et al.: Blockchain technology: beyond bitcoin. Appl. Innov. 2(6–10), 71 (2016)

Danezis, G., et al.: Privacy and data protection by design-from policy to engineering. arXiv preprint arXiv:1501.03726 (2015)

10.

De Montjoye, Y.A., Rocher, L., Pentland, A.S.: bandicoot: a python toolbox for mobile phone metadata. J. Mach. Learn. Res. 17(1), 6100–6104 (2016)MathSciNet

11.

Dehghani, Z.: Data Mesh Delivering Data-Driven Value at Scale. O’Reilly Media, Sebastopol (2022)

12.

Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36467-6_5CrossRef

13.

El Emam, K., Dankar, F.K.: Protecting privacy using k-anonymity. J. Am. Med. Inform. Assoc. 15(5), 627–637 (2008)CrossRef

14.

Fang, L., LeFevre, K.: Privacy wizards for social networking sites. In: Proceedings of the 19th International Conference on World Wide Web, pp. 351–360 (2010)

15.

Friedland, G., Sommer, R.: Cybercasing the joint: on the privacy implications of geo-tagging. In: 5th USENIX Workshop on Hot Topics in Security (HotSec 2010) (2010)

16.

Goedegebuure, A., et al.: Data mesh: a systematic gray literature review. arXiv preprint arXiv:2304.01062 (2023)

17.

Grünewald, E.: Cloud native privacy engineering through DevPrivOps. In: Friedewald, M., Krenn, S., Schiering, I., Schiffner, S. (eds.) Privacy and Identity 2021. IAICT, vol. 644, pp. 122–141. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-99100-5_10CrossRef

18.

Heurix, J., Zimmermann, P., Neubauer, T., Fenz, S.: A taxonomy for privacy enhancing technologies. Comput. Secur. 53, 1–17 (2015)CrossRef

19.

Hoepman, J.-H.: Privacy design strategies. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 446–459. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_38CrossRef

20.

Jarmul, K.: Privacy-first data via data mesh (2022). https://www.thoughtworks.com/insights/articles/privacy-first-data-via-data-mesh

21.

Khatri, V., Brown, C.V.: Designing data governance. Commun. ACM 53(1), 148–152 (2010)CrossRef

22.

Kumara, I., Kayes, A.S.M., Mundt, P., Schneider, R.: Data governance. In: Liebregts, W., van den Heuvel, W.-J., van den Born, A. (eds.) Data Science for Entrepreneurship. CCB, pp. 37–62. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-19554-9_3CrossRef

23.

Lăzăroiu, G., Kovacova, M., Kliestikova, J., Kubala, P., Valaskova, K., Dengov, V.V.: Data governance and automated individual decision-making in the digital privacy general data protection regulation. Administratie si Manag. Public 31, 132–142 (2018)

24.

de Montjoye, Y.A., Hidalgo, C.A., Verleysen, M., Blondel, V.D.: Unique in the crowd: the privacy bounds of human mobility. Sci. Rep. 3(1), 1376 (2013)CrossRef

25.

Newman, S.: Building Microservices. O’Reilly Media Inc., Sebastopol (2021)

26.

Otto, P.N., Antón, A.I.: Addressing legal requirements in requirements engineering: a systematic literature review. IEEE Trans. Softw. Eng. 43(2), 158–171 (2017)

27.

Pardau, S.L.: The California consumer privacy act: towards a European-style privacy regime in the United States. J. Tech. L. & Pol’y 23, 68 (2018)

28.

General Data Protection Regulation: Regulation (EU) 2016/679 of the European parliament and of the council. Regulation (EU) 679/2016 (2016)

29.

Richards, M.: Microservices vs. Service-Oriented Architecture. O’Reilly Media, Sebastopol (2015)

30.

Schneider, S., Sunyaev, A.: Determinant factors of cloud-sourcing decisions: reflecting on the IT outsourcing literature in the era of cloud computing. J. Inf. Technol. 31, 1–31 (2016). https://doi.org/10.1057/jit.2014.25CrossRef

31.

Spiekermann, S., Korunovska, J., Langheinrich, M.: Inside the organization: why privacy and security engineering is a challenge for engineers. Proc. IEEE 107(3), 600–615 (2018)CrossRef

32.

Sweeney, L.: k-anonymity: a model for protecting privacy. Int. J. Uncertainty Fuzziness Knowl.-Based Syst. 10(5), 557–570 (2002)MathSciNetCrossRef

33.

Voigt, P., von dem Bussche, A.: Enforcement and fines under the GDPR. In: Voigt, P., von dem Bussche, A. (eds.) The EU General Data Protection Regulation (GDPR), pp. 201–217. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-57959-7_7CrossRef

34.

Wider, A., Verma, S., Akhtar, A.: Decentralized data governance as part of a data mesh platform: concepts and approaches. In: 2023 IEEE International Conference on Web Services (ICWS), pp. 746–754 (2023)

35.

Williams, J., Nee, L.: Privacy engineering. Computer 55(10), 113–118 (2022)CrossRef

36.

Xu, R., Baracaldo, N., Joshi, J.: Privacy-preserving machine learning: methods, challenges and directions. arXiv preprint arXiv:2108.04417 (2021)

Titel: Privacy Engineering in the Data Mesh: Towards a Decentralized Data Privacy Governance Framework
verfasst von: Nemania Borovits
Indika Kumara
Damian A. Tamburri
Willem-Jan Van Den Heuvel
Verlag: Springer Nature Singapore
Buch: Service-Oriented Computing – ICSOC 2023 Workshops
Print ISBN: 978-981-9709-88-5

Electronic ISBN: 978-981-9709-89-2

Copyright-Jahr: 2024
DOI: https://doi.org/10.1007/978-981-97-0989-2_21

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner