A systematic literature review of security and privacy by design principles, norms, and strategies for digital technologies

This paper offers a comparative systematic literature review of the key principles, norms, and strategies associated with Security by Design (SbD) and Privacy by Design (PbD). Both frameworks are grounded in the idea that security and privacy should be integral components of digital technologies from the very beginning of the design process. Following PRISMA guidelines, we reviewed 82 documents sourced from databases such as the ACM Digital Library, EBSCO Library, IEEE Xplore, ProQuest, Scopus, and Web of Science. Our analysis reveals that SbD and PbD share four fundamental principles: prevention/proactiveness, embeddedness, user-centricity, and transparency. The review also highlights the solid regulatory foundation of PbD, particularly under the General Data Protection Regulation (GDPR), compared to the emerging regulatory context for SbD. Additionally, we explore a range of strategies, from organizational cultural changes to technical interventions, that illustrate the nuanced approaches taken to implement these paradigms. We conclude by discussing the broader implications of these findings and suggesting directions for future research, aiming to contribute to the development of technologies that are both secure and respectful of privacy, while also advocating for integrated frameworks that enhance digital trust.