Privacy is an important factor for the success of any system that processes the data of its users. Cyber-Physical Systems (CPS) are no different in this regard, but they come with their own unique challenges. The integration and interaction between the physical world and the cyber world, which lie at the core of such systems, lead to new privacy risks. A wide variety of sensors brings the potential for hidden data collection. Furthermore, actuators can influence elements and processes of the real world, while advanced computational abilities threaten to reveal sensitive information about users. Their complexity and the wide variety of involved components make it difficult for end-users to understand such systems with regard to the system's makeup, its behavior, and how their data is affected. Due to the unique architectures of CPS, encompassing many interconnected heterogeneous components and devices, traditional design approaches are no longer sufficient. The same goes for ensuring that end-users are provided with what they need to manage their privacy-relevant data in a way that is transparent and understandable to them.
To address this issue, this thesis introduces the System-of-Systems-Privacy concept (SoS-Privacy), a privacy management concept that uses a System-of-Systems view to abstract a CPS as a collection of interacting components. Digital Twins of CPS components are proposed as the carriers of certain privacy management functionality (providing information and enforcing the privacy requirements of an end-user), while an interface element realizes the interaction with the end-user. The basis for the concept was a variety of literature inputs related to privacy and the identified characteristics of CPS. The proposed concept and its application were furthermore demonstrated using a healthcare scenario, and a first prototype was created. Both the general concept and its application to the scenario were evaluated to determine how well they support the identified criteria of transparency and understandability. The evaluation showed that SoS-Privacy supports these qualities with regard to the makeup of the CPS and its behavior. It furthermore makes clear how a user's privacy-relevant data is affected and what measures they can take to manage and protect their privacy. Therefore, it could prove a valuable tool to enable end-users of CPS to make informed decisions with regard to their privacy-relevant data.