Defining Privacy Engineering as a Profession
Authors: Nikita Samarin (University of California, Berkeley), Nandita Rao Narla (Future of Privacy Forum), Liam Webster (University of California, Berkeley), Daniel Smullen (CableLabs)
Volume: 2025
Issue: 4
Pages: 549–565
DOI: https://doi.org/10.56553/popets-2025-0144
Abstract: Rapid technological advancements, evolving legal frameworks, and increasingly heightened public concern over personal data have catalyzed the emergence of privacy engineering as a critical discipline. However, the "privacy engineer" role remains loosely defined, with significant variability in responsibilities, required competencies, and organizational positioning. This paper presents a qualitative investigation into the practices, challenges, and professional profiles of privacy engineers through 27 semi-structured interviews with US-based practitioners from diverse organizational contexts. Our thematic analysis reveals four primary themes: (1) the conceptual ambiguity surrounding privacy engineering roles, (2) a blend of ethical motivation, intellectual curiosity, and the desire for career growth driving professionals into the field, (3) organizational and regulatory challenges, such as misaligned incentives and the difficulty of translating abstract legal requirements into actionable technical solutions, and (4) the critical competencies required, including robust technical skills, effective cross-functional communication, and risk management expertise. Our findings contribute to a deeper scholarly understanding of privacy engineering as a multidisciplinary practice and offer practical guidance for organizations aiming to integrate privacy more effectively into their product development cycles.
Keywords: privacy engineering, professional practice, interviews, qualitative study, challenges, skills
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.
