Models for privacy engineering

Wednesday, December 21, 2022 - 02:02 by Antonio Kung

Sharing practices for privacy engineering based on models

This interest group focuses on the sharing of practices for privacy engineering based on the use of  models:

  • To foster exchange of ideas and explanation. This is a universal practice, as pointed out by the national science teaching association, which has developed a practice program which leverages models as helpful tools for representing ideas and explanations. These tools include diagrams, drawings, physical replicas, mathematical representations, analogies, and computer simulations (
  • To support engineering. INCOSE defines model-based systems engineering (MBSE) as the formalized application of modeling to support system requirements, design, analysis, verification and validation activities beginning in the conceptual design phase and continuing throughout development and later life cycle phases (

Models can be used

  • as a common language for descriptive capabilities, so that system models include any information about the system and its context that may be necessary to address privacy concerns from different viewpoints (e.g. requirements specification, logical data structure, processing functions, architectural deployment, development process, assurance evidence, external threats, etc.).
  • as an information sharing tool for prescriptive capabilities, so that the capabilities of available leading solutions are described in shared terms that allow documenting them, comparing them, choosing those most appropriate for a given situation.

Creating synergies to foster the development of an ecosystem of privacy models

While a lot of work is underway by different groups (e.g., privacy threat modelling, privacy patterns, privacy enhancing technologies), this interest group will serve to create synergies and collaboration, addressing the following needs:

(1) Enabling the combination of multiple viewpoints on privacy, integrating

  • the consumer’s viewpoint (e.g. see ISO 31700-1 -, and,
  • the technology realm (e.g., IoT, Artificial intelligence, digital twin),
  • the application domains (e.g., health, energy, transport),
  • solutions (e.g., privacy controls, privacy enhancing technologies), and
  • the product lifecycle (e.g., from inception to end of use/end of support) and data lifecycle (e.g., from collection to deletion of data).

(2) Guidance on privacy practices,

  • at the level of training and awareness creation (e.g., NIST privacy workforce program -, IAPP Privacy Engineering),
  • at the level of privacy threat assessment (e.g., LINDDUN -,, or
  • at the level of trustworthiness and compliance (e.g. standards -

(3) Sharing information on available leading solutions for privacy engineering based on the use of models, i.e., solutions for privacy that correspond to the state of the art (leading) and that have sufficient maturity (available). This can leverage the use of catalogues of patterns for privacy engineering (patterns are abstractions of effectively proven solutions that can be systematically applied to address typical problems under commonly occurring contexts, see


The models for privacy engineering interest group promotes the use, creation and sharing of privacy models (1) as a common language for descriptive capabilities, (2) as an information sharing tool for prescriptive capabilities. Activities will include

  • Creating of awareness on privacy models, through collaborations with other communities (e.g., IAPP, ISACA, CPDP, EclipseCon, and initiatives (e.g., LINDDUN, NIST privacy framework)
  • Contributing to privacy engineering roadmaps on the integration of practices based on privacy models. In can include topics such as governance and policies, privacy capabilities, privacy compliance.
  • Contributing to privacy engineering standards on the integration of practices based on privacy models.
  • Issuing recommendations for information sharing of privacy models and solutions while taking into account IPR restrictions 

The models for privacy engineering interest group will provide an annual report.

It is not in the scope of the interest group to develop specific models, nor to operate a privacy model repository.


Active Member Companies
Member companies supporting this interest group.
Interest Group Phase