Processo de desenvolvimento de software baseado nos princípios de privacy by design
| Ano de defesa: | 2024 |
|---|---|
| Autor(a) principal: | |
| Orientador(a): | |
| Banca de defesa: | |
| Tipo de documento: | Tese |
| Tipo de acesso: | Acesso aberto |
| Idioma: | por |
| Instituição de defesa: |
Pontifícia Universidade Católica do Paraná
Ponta Grossa Brasil Programa de Pós-Graduação em Informática PUCPR |
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: | |
| Link de acesso: | http://repositorio.utfpr.edu.br/jspui/handle/1/34083 |
Resumo: | Collecting, processing, storing, and sharing user data helps service providers understand user preferences, enabling them to offer personalized products and services and contribute to making better business decisions. However, the irresponsible use of personal data puts the privacy of data subjects at risk. This risk occurs not only after the software/app/system is fully operational but also from the initial stages of software development. In order to integrate privacy and personal data protection during all phases of software development, Privacy by Design (PbD) was created, and recently, laws and regulations have been established, such as the General Data Protection Regulation (GDPR), in the European Union, and the General Personal Data Protection Law (LGPD), in Brazil. GDPR and LGPD mention the importance of safeguarding data subjects' personal data at all stages of software development. However, the high level of abstraction of PbD principles makes their application difficult. This work proposes a software development process to assist teams in implementing PbD principles. This research was carried out using the Design Science Research Methodology, which is composed of six steps: identify problem and motivate; define objectives of a solution; design and develop the proposed process, paper, and artifacts; demonstrate the process, role, and artifacts through qualitative empirical assessments with experts; evaluate the qualitative results of the evaluations in order to improve the proposed process, role, and artifacts; and communicate results through scientific means. The results show that the process, role, and artifacts are significant and can assist software development teams in implementing solutions to problems related to violations of the right to personal data protection from the first stages of software development, as addressed by PbD principles. |