Engineering privacy by design: lessons from the design and implementation of an identity wallet platform

In the last decade, there has been more and more focus on the topic of information privacy, especially considering the ever increasing digital transformations that both businesses and the society are experiencing. As a right of individuals to "control when, how and to what extent information about them is communicated to others" [29], privacy has become an important expectation of users. A recent study in the EU showed that more than 70% of the citizens are not willing to sacrifice their privacy in exchange for a service [17]. The paradigm of Privacy-by-Design (PbD) [14] has become more important nowadays, which has also become a regulatory requirement by the EU General Data Protection Regulation (GDPR), which came into force in May 2018 [2]. PbD as a paradigm defines principles promoting the integration of privacy goals already during the design of an ICT system. However, translating those principles into engineering requirements is seen as a challenge.