Privacy-Enhancing Technologies in Digital Public Services: Bridging Legal Demands and Sociotechnical Design

  • Marta Juvina de Medeiros UnB
  • Edna Dias Canedo UnB

Abstract


Research Context: Digital government increasingly relies on large-scale data processing for public services. Ensuring citizens’ privacy while enabling data-driven value creation is a critical challenge for Information Systems (IS) in the public sector.

Scientific and/or Practical Problem: Traditional safeguards (e.g., access control, anonymization) are insufficient against reidentification risks and inter-organizational data sharing demands. Public agencies lack actionable guidance to select and deploy Privacy-Enhancing Technologies (PETs) fitting legal, organizational, and technical constraints.

Proposed Solution and/or Analysis: We synthesize categories and application patterns of PETs (Differential Privacy, Secure Multiparty Computation, Homomorphic Encryption, Federated Learning, Trusted Execution Environments, Synthetic Data) and analyze their suitability to government scenarios. We provide policy-to-PET mapping using recent Brazilian federal decrees.

Related IS Theory: Grounded in Sociotechnical Systems (alignment of people, processes, and technologies), Privacy by Design as a strategy, and Information Governance for accountability, transparency, and risk management.

Research Method: Concept-centric analysis of PETs and their governance implications; document analysis of 2025 executive decrees mentioning personal data; analytic generalization to derive PET selection rationales for public-sector IS.

Summary of Results: We (i) clarify privacy vs personal data protection for design, (ii) categorize PETs by function and lifecycle stage (data in use, input/output privacy), (iii) derive PET recommendations for inter-agency collaboration, secure analytics, and transparency (e.g., MPC/HE for cross-entity processing; Differential Privacy for open statistics), and (iv) identify capability and governance gaps (skills, interoperability, stewardship).

Contributions and Impact to IS area: We bridge PETs’ technical capabilities with IS governance needs in digital government, offering a rationale for PET selection under regulatory, organizational, and sociotechnical constraints. The study advances responsible innovation in IS, informs public-sector architectures, and aligns with Brazil’s GranDSI-BR (2016–2026) by addressing ethics, transparency, and societal impacts of intelligent IS.

Published
25/05/2026
MEDEIROS, Marta Juvina de; CANEDO, Edna Dias. Privacy-Enhancing Technologies in Digital Public Services: Bridging Legal Demands and Sociotechnical Design. In: SIMPÓSIO BRASILEIRO DE SISTEMAS DE INFORMAÇÃO (SBSI), 22., 2026, Vitória/ES. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2026. p. 459-477. DOI: https://doi.org/10.5753/sbsi.2026.248552.
