Privacy by Design and Software Engineering: a Systematic Literature Review

Service providers increasingly collect, process, store, and share data from their users to understand their preferences to make better decisions and make accurate estimates for the delivery of advertisements, products, and services. However, the misuse of personal data puts the privacy of the data subjects at risk. In addition, privacy can directly affect the quality of the software product. In an attempt to minimize these problems, the Privacy by Design approach has been proposed to ensure that privacy requirements are incorporated from the early stages of system development and applied to the entire data lifecycles. Meanwhile, Privacy by Design is often criticized due to its lack of specific methodology and tools capable of translating its principles into practical Software Engineering activities. Therefore, this research aims to investigate, through a systematic literature review, how Privacy by Design principles have been applied in the Software Engineering area. The search retrieved 6046 primary articles, published up to May 2022. After applying the inclusion and exclusion criteria, 75 primary studies were selected for analysis. The results show that there is a lack of models, processes, and tools to support Privacy by Design throughout the software development lifecycle and that it has become more relevant considering the requirements of the General Data Protection Regulation (GDPR).