


























Abstract:Privacy obligations under GDPR increasingly shape software engineering. We synthesize 90 studies from 2018 to 2025 using a systematic review with thematic synthesis to chart privacy engineering. Thirteen dimensions form two recurrent cores: Privacy Enhancing Technologies (PETs) with Privacy Metrics (PM) and Verification and Testing (VT) and Governance and Accountability (GA) with Transparency and Communication (TC) and Organizational Measures (OM). Modeling and Specification (MS) mediates between the cores. Lifecycle mapping shows concentrations at requirements and design (MS, GA), at implementation and verification (PETs, VT, PM, TC) and at operation and decommissioning (GA, OM, Data Subject Rights Management (DSRM), Incident Response and Management (IRM), Lifelong Management (LM)). Handoffs link models to rules and tests, mechanisms to metrics and deployments such as enclaves and ledgers to governance records. Domains reweight but do not alter structure: healthcare weights GA with VT and PETs, IoT and edge weight PETs with VT and PM at device and edge, web measurement weights TC with VT, AI and ML weight PETs with PM. IRM, LM and Data Minimization and Purpose Limitation (DMPL) are less often primary foci, signaling priorities for future work. The results provide a practical map and a replication-ready scaffold for assessment and updates.
From: Nemania Borovits [view email]
[v1]
Thu, 30 Apr 2026 10:03:29 UTC (1,474 KB)
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。