Privacy by Design in Agile Software Development
Viitaniemi, Mikael (2017)
Information Technology
Faculty of Computing and Electrical Engineering
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Acceptance date
2017-12-07
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:tty-201711162157
Abstract
With privacy concerns on the rise, the European Commission passed the General Data Protection Regulation (GDPR), which forces all software manufacturers to employ the privacy by design principles starting from the design phase of development. The privacy by design approach has been pushed into regulation as the ultimate solution by some, but very little information is given on applying the approach in practice. Very little information is also available on enforcement of the regulatory side of privacy by design, which makes evaluation of compliance difficult.
This thesis explores the state of privacy by design implementation and attempts to formulate a model for adhering to the privacy by design principles in an iterative agile software development methodology. This model is fully integrated into the Scrum software development model and provides the developers with an improved view into the compliance state of their product during development through employment of visual documentation practices. Additional focus is given to other regulatory demands of the GDPR. Compatibility with other privacy-oriented development frameworks is also considered.
Furthermore, this thesis explores the criticism and benefits of privacy by design from both an implementation and regulatory point of view in Europe and in other jurisdictions. These criticisms and benefits are evaluated against the agile integrated model. The state of privacy by design in the global privacy community is a positive development, but some global privacy threats are also discussed.