The GDPR impacts the design of information systems which process personal data, because it makes mandatory the adoption of the privacy-by-design and privacy-by-default principles. This compliance must be verified throughout the design cycle, so that it must be considered as early as possible in the cycle, when alternatives are not yet detailed in the overall design and just general directions of the projects may be available. A comparison between alternatives should be performed, which can only have a qualitative nature, but which involves numerous factors, so a panel of experts is needed to obtain a reliable result. In this paper, we propose a analytic hierarchy process-based evaluation approach to examine privacy-related features of alternative information system architectures in the early phases of the design cycle.
CampanileLIaconoMMastroianniM. Towards privacy-aware software design in small and medium enterprises. In: 2022 IEEE international conference on dependable, autonomic and secure computing, international conference on pervasive intelligence and computing, international conference on Cloud and Big Data computing, international conference on cyber science and technology congress (DASC/PiCom/CBDCom/CyberSciTech), Falerna, Italy, 12–15 September 2022. IEEE.
2.
Cavalieri d’OroEColomboSGribaudoM, et al.Modeling and evaluating a complex edge computing based systems: An emergency management support system case study. Internet Things2019; 6: 100054.
3.
ShahSIHPeristerasVMagnisalisI. Dalif: a data lifecycle framework for data-driven governments. J Big Data2021; 8: Article number: 89.
4.
GribaudoMIaconoMKiranM. A performance modeling framework for lambda architecture based applications. Future Gener Comput Syst2018; 86: 1032–1041.
5.
BarbieratoEGribaudoMIaconoM, et al.Performability modeling of exceptions-aware systems in multiformalism tools. In: Al-Begain K, Balsamo S, Fiems D and Marin A (eds) Analytical and stochastic modeling techniques and applications. ASMTA 2011. Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics), LNCS, vol. 6751, pp. 257–272. Berlin: Springer, 2011.
6.
IaconoMMastroianniMRiccioC, et al.A Blockchain/Cloud privacy performance comparison using AHP methodology: a smart road case study. In: Proceedings of the communications of the ECMS, Catania, Italy, 24–27 June 2025, vol. 39, pp.584–592. European Council for Modelling and Simulation.
7.
CampanileLIaconoMLevisAH, et al.Privacy regulations, smart roads, Blockchain, and liability insurance: putting technologies to work. IEEE Secur Priv2021; 19: 34–43.
8.
British Standards Institute. Smart city framework-guide to establishing strategies for smart cities and communities. Technical Report PAS 181:2014, BSI, London, UK, 2014.
9.
IsmagilovaEHughesLRanaNP, et al.Security, privacy and risks within smart cities: literature review and development of a smart city interaction framework. Inf Syst Front2022; 24: 1–22.
10.
NakamotoS. Bitcoin: a peer-to-peer electronic cash system. Santa Fe, New Mexico: Leaf Storm Press, 2008.
11.
SharmaJSJ. Blockchain technology: implications across finance, law, and information security. J Asian Res Found2025; 1: 131–140.
12.
JainAKGuptaNGuptaBB. A survey on scalable consensus algorithms for Blockchain technology. Cyber Secur Appl2025; 3: 100065.
13.
RajasekaranASAzeesMAl-TurjmanF. A comprehensive survey on Blockchain technology. Sustain Energy Technol Assess2022; 52: 102039.
14.
JudijantoL, et al.Blockchain applications beyond cryptovaluta: a literature perspective on the use of Blockchain technology. Int J Financ Econ2025; 2: 57–63.
15.
SaatyRW. The analytic hierarchy process—what it is and how it is used. Math Model1987; 9: 161–176.
16.
BehzadianMOtaghsaraSKYazdaniM, et al.A state-of the-art survey of topsis applications. Expert Syst Appl2012; 39: 13051–13069.
ChangK-H. A novel general risk assessment method using the soft TOPSIS approach. J Ind Prod Eng2015; 32: 408–421.
19.
KinjoEMLibrantzAFHde SouzaEM, et al.Criticality assessment of the components of IoT system in health using the AHP method. Res Soc Dev2021; 10: e57010212917 .
20.
LinI-CLinY-WWuY-S. Corresponding security level with the risk factors of personally identifiable information through the analytic hierarchy process. J Comput2016; 11: 124–131.
21.
TyagiMKumarPKumarD. A hybrid approach using AHP-TOPSIS for analyzing e-scm performance. Procedia Eng2014; 97: 2195–2203.
22.
JatothCGangadharanGFioreU. Evaluating the efficiency of Cloud services using modified data envelopment analysis and modified super-efficiency data envelopment analysis. Soft Comput2017; 21: 7221–7234.
23.
PetrilloASalomonVAPTramaricoCL. State-of-the-art review on the analytic hierarchy process with benefits, opportunities, costs, and risks. J Risk Financial Manag2023; 16: 372.
24.
Garbuzova-SchlifterMMadlenerR. AHP-based risk analysis of energy performance contracting projects in Russia. Energy Policy2016; 97: 559–581.
25.
LealJE. AHP-Express: A simplified version of the analytical hierarchy process method. MethodsX2020; 7: 100748.
26.
ÇelikbilekYTüysüzF. An in-depth review of theory of the TOPSIS method: an experimental analysis. J Manage Anal2020; 7: 281–300.
27.
Le RouxDOlivèsRNeveuP. Combining entropy weight and TOPSIS method for selection of tank geometry and filler material of a packed-bed thermal energy storage system. J Clean Prod2023; 414: 137588.
28.
LandollD. The security risk assessment handbook: a complete guide for performing security risk assessments. Boca Raton, USA: CRC Press, 2021.
29.
RausandM. Risk assessment: theory, methods, and applications. vol. 115. Hoboken, USA: John Wiley & Sons, 2013.
30.
CampanileLCantielloPIaconoM, et al.Risk analysis of a GDPR-compliant deletion technique for consortium Blockchains based on pseudonymization. In: Computational science and its applications – ICCSA 2021: 21st international conference, Cagliari, Italy, September 13–16, 2021, proceedings, part VIII. Lecture notes in computer science (including subseries Lecture notes in artificial intelligence and lecture notes in bioinformatics), LNCS, vol. 12956, pp.3–14. Berlin: Springer.
31.
CampanileLIaconoMMarulliF, et al.Privacy regulations challenges on data-centric and IoT systems: a case study for smart vehicles. In: IoTBDS 2020 – proceedings of the 5th international conference on internet of things, big data and security, Setúbal, Portugal, 7–9 May 2020, pp.507–520. SciTePress.
