01615nas a2200193   4500000000100000000000100001008004100002653001900043653002200062653002600084653002900110653001000139653001200149100001900161245009100180300001200271490000700283520113100290       2019                            d10aGDPR Directive10aimpact assessment10amaritime surveillance10aopen source intelligence10aOSINT10aprivacy1 aJyri Rajamäki00aDesign Science Research towards Privacy by Design in Maritime Surveillance ICT Systems  a196-2140 v433 a<p>Maritime surveillance is essential for creating maritime awareness. When open source intelligence (OSINT) is becoming a part of it, privacy in surveillance will be a special concern. However, processing of personal data in surveillance is regulated by the General Data Protection Regulation (GDPR) and/or by the Directive 2016/680 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data. In both of these regulations, Privacy by Design (PbD) approach is mandatory. GDPR encourages applying a Data Protection Impact Assessment (DPIA) to identify and minimize data protection risks as the initial step of any new project. This design science research shows how PbD and DPIA are adapted in the MARISA project and tries to be a step towards new meta-artifacts and useful methods for the design and validation of privacy requirements engineering approaches into maritime surveillance ICT systems.</p>