Privacy impact assessments in the wild: A scoping review

IF 2.3 Q2 COMPUTER SCIENCE, THEORY & METHODS
Array Pub Date : 2024-07-02 DOI:10.1016/j.array.2024.100356
Leonardo Horn Iwaya , Ala Sarah Alaqra , Marit Hansen , Simone Fischer-Hübner
{"title":"Privacy impact assessments in the wild: A scoping review","authors":"Leonardo Horn Iwaya ,&nbsp;Ala Sarah Alaqra ,&nbsp;Marit Hansen ,&nbsp;Simone Fischer-Hübner","doi":"10.1016/j.array.2024.100356","DOIUrl":null,"url":null,"abstract":"<div><p>Privacy Impact Assessments (PIAs) offer a process for assessing the privacy impacts of a project or system. As a privacy engineering strategy, they are one of the main approaches to privacy by design, supporting the early identification of threats and controls. However, there is still a shortage of empirical evidence on their use and proven effectiveness in practice. To better understand the current literature and research, this paper provides a comprehensive Scoping Review (ScR) on the topic of PIAs “in the wild,” following the well-established Preferred Reporting Items for Systematic reviews and Meta-Analyses (PRISMA) guidelines. This ScR includes 45 studies, providing an extensive synthesis of the existing body of knowledge, classifying types of research and publications, appraising the methodological quality of primary research, and summarising the positive and negative aspects of PIAs in practice, as reported by those studies. This ScR also identifies significant research gaps (e.g., evidence gaps from contradictory results and methodological gaps from research design deficiencies), future research pathways, and implications for researchers, practitioners, and policymakers developing and using PIA frameworks. As we conclude, there is still a significant need for more primary research on the topic, both qualitative and quantitative. A critical appraisal of qualitative studies revealed deficiencies in the methodological quality, and only four quantitative studies were identified, suggesting that current primary research remains incipient. Nonetheless, PIAs can be regarded as a prominent sub-area in the broader field of empirical privacy engineering, in which further scientific research to support existing practices is needed.</p></div>","PeriodicalId":8417,"journal":{"name":"Array","volume":null,"pages":null},"PeriodicalIF":2.3000,"publicationDate":"2024-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2590005624000225/pdfft?md5=fc78c3586c447695244b568609d2c91f&pid=1-s2.0-S2590005624000225-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Array","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2590005624000225","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0

Abstract

Privacy Impact Assessments (PIAs) offer a process for assessing the privacy impacts of a project or system. As a privacy engineering strategy, they are one of the main approaches to privacy by design, supporting the early identification of threats and controls. However, there is still a shortage of empirical evidence on their use and proven effectiveness in practice. To better understand the current literature and research, this paper provides a comprehensive Scoping Review (ScR) on the topic of PIAs “in the wild,” following the well-established Preferred Reporting Items for Systematic reviews and Meta-Analyses (PRISMA) guidelines. This ScR includes 45 studies, providing an extensive synthesis of the existing body of knowledge, classifying types of research and publications, appraising the methodological quality of primary research, and summarising the positive and negative aspects of PIAs in practice, as reported by those studies. This ScR also identifies significant research gaps (e.g., evidence gaps from contradictory results and methodological gaps from research design deficiencies), future research pathways, and implications for researchers, practitioners, and policymakers developing and using PIA frameworks. As we conclude, there is still a significant need for more primary research on the topic, both qualitative and quantitative. A critical appraisal of qualitative studies revealed deficiencies in the methodological quality, and only four quantitative studies were identified, suggesting that current primary research remains incipient. Nonetheless, PIAs can be regarded as a prominent sub-area in the broader field of empirical privacy engineering, in which further scientific research to support existing practices is needed.

野外隐私影响评估:范围审查
隐私影响评估 (PIA) 提供了一个评估项目或系统隐私影响的流程。作为一种隐私工程策略,隐私影响评估是通过设计实现隐私保护的主要方法之一,有助于及早识别威胁和控制措施。然而,关于它们的使用和在实践中被证明的有效性,仍然缺乏实证证据。为了更好地了解当前的文献和研究,本文按照成熟的系统综述和荟萃分析首选报告项目 (PRISMA) 指南,对 "野生 "的 PIA 主题进行了全面的范围界定综述 (SCR)。本系统综述包括 45 项研究,对现有知识体系进行了广泛综述,对研究和出版物类型进行了分类,对主要研究的方法论质量进行了评估,并总结了这些研究报告中 PIA 在实践中的积极和消极方面。本科学报告还指出了重要的研究缺口(例如,相互矛盾的结果造成的证据缺口和研究设计缺陷造成的方法缺口)、未来的研究路径,以及对研究人员、从业人员和政策制定者开发和使用 PIA 框架的影响。正如我们总结的那样,仍然非常需要对该主题进行更多的初级研究,包括定性和定量研究。对定性研究的批判性评估显示了方法论质量方面的缺陷,仅发现了四项定量研究,这表明当前的初级研究仍处于起步阶段。尽管如此,隐私影响评估可被视为更广泛的实证隐私工程领域中的一个突出子领域,需要进一步的科学研究来支持现有的做法。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Array
Array Computer Science-General Computer Science
CiteScore
4.40
自引率
0.00%
发文量
93
审稿时长
45 days
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信