Search papers, labs, and topics across Lattice.
This paper explores the limited adoption of privacy-enhancing technologies (PETs) in software engineering, despite their recognized importance for regulatory compliance and user privacy. By employing a requirements engineering (RE) perspective, the authors identify key challenges faced by various stakeholders, including technical complexity and insufficient training, that hinder effective implementation. The key finding emphasizes that addressing the complementary engineering, business, and legal viewpoints through explicit RE practices can significantly enhance stakeholder coordination and facilitate PET adoption.
Ignoring the interplay between engineering, business, and legal perspectives can doom privacy-enhancing technologies to failure in software systems.
In recent decades, privacy-enhancing technologies (PETs) have been recognized as a means of meeting regulatory and user privacy requirements in software systems that process personal data. Despite substantial research efforts, support from regulators, contributions by large technology companies such as Google and Microsoft, and growing interest among software practitioners, the practical adoption of PETs remains limited. Existing research consistently identifies recurring challenges to PETs adoption in SE, such as technical complexity and insufficient training. Despite ongoing research efforts, these challenges largely remain unresolved in practice. In this industrial challenge paper, we apply a practical, requirements engineering (RE)-driven perspective to examine challenges to PET adoption across multiple stakeholder groups (PET developers, integrators, and adopters) as well as across different disciplinary perspectives (engineering, law, and business). We argue that RE can facilitate the adoption of PETs by systematically addressing each of the complementary engineering, business, and legal viewpoints on privacy. Neglecting challenges in any of these viewpoints (e.g., the impact of PETs on software architecture, their business implications, and their contribution to regulatory compliance) can increase the impediments or even lead to implementation failure. In practice, explicit specification of these viewpoints within RE can enable meaningful coordination among stakeholders to more effectively realize the benefits of PETs in software engineering.