The concepts presented below were extracted from a systematic literature review.
· Private (1): Content or information is private (IEEE48);
· Public (1): Content or information is public (IEEE48);
· Semi-Public (1): It shares content and/or information with particular groups, or particular categories of users (IEEE48);
· Owner (5): Agent is the owner of his personal information/data (COMPEDEX9);
· Third Party (4): Active components who receive personal information (SCIENCE154);
· Personal Information (31): It is relate to a living individual who can be identified from that information (ACM7);
· Privacy Mechanism (26): It refers to appropriate privacy protection mechanisms (SNOW114);
· Safeguards (1): Guarantee granted to protect some personal information (SCOPUS35);
· Awareness/Necessity to know/ Know/ feeling of control (10): It occurs when the user is aware of the information he is supplying to the system and the consequences of his/her act of sharing (SCIENCE154).
· Openness (2): It informs users about news. For example, inform users about new privacy policies (SCOPUS35);
· Consent/Permission (20): It refers to get users consent about something (ACM17);
· Accuracy (1): It refers to exactness of information or data (SCOPUS35);
· Agreement (2): It get, users’ agreement about something (IEEE18);
· Obligation (2): A set of actions that guarantees to perform, after the data have been processed. For example, data collected (SNOW118);
· Socialization (2): Social relationships with others (COMPEDEX9);
· Intentionality (1): Agents have intentions and they do not necessarily share common goals (COMPEDEX9);
· Non Repudiation (4): It occurs when it is possible to gather evidence so that a party cannot deny having performed an action. For example, disclose agent data (SCIENCE154).
· Availability (6): It ensures a minimum availability level for the personal information (SNOW122);
· Collect (7): Collection of personal information (SCOPUS35);
· Disclosure (11): Exposure of information to individuals who are not supposed to have access to it (SCIENCE154).
· Use (7): Use of personal information (SCOPUS35);
· Access Control (18): It deals with permission and denial of access (COMPEDEX9);
· Autonomy (1): The agent has independence to make decisions (COMPEDEX9);
· Vulnerability (7): Attacker or a malicious user might exploit fragility and get access (being exposed or attacked) (SCIENCE27);
· Confidentiality (12): It implies the protection of the information which must not be revealed to third parties (SCIENCE263);
· Intervenability (1): The parties involved in any privacy relevant data processing, including the individual whose personal data are processed, have the possibility to intervene, where necessary. For example, intervene in the way that the data is being disclosed (SNOW70).
· Dectectability (1): It occurs when one can sufficiently distinguish whether something exists For example, a system (SCIENCE154).
· Integrity (11): Accuracy and consistency of personal information (SCIENCE27);
· Unobservability (3): It connects users' by providing techniques to not be observable (SNOW22);
· Unlikability (5): It occurs when one cannot sufficiently distinguish whether 2 items of interest (like requests from a user) are related (SCIENCE154);
· Pseudonymity (2): It is used when anonymity cannot be provided but again for the purpose of protecting user’s identification (SNOW22).
· Anonymity (9): Agent enters in a system identify by using a pseudonym (SNOW22);
· Authorization (16): Agents that are allowed the protected resources of a system (SNOW121);
· Authentication (11): It is a way to prove personal identity. For example, username and password (SNOW22);
· Opportunity (1): It is to determine the chances of privacy problems occurs (SNOW22);
· Strength (1): It is to determine the strong points of privacy protection (SNOW22);
· Weakness (1): It is to determine the weak points of privacy protection (SNOW22);
· Conflict (3): Lack of understanding between agents (SNOW22);
· Trust (12): An agent “A” forwards the information of agent “B” to others contravening the agent “B” terms and conditions (ACM7);
· Constraint (7): It is used to represent a set of restrictions that do not permit specific actions to be taken, restrict the way that actions can be taken or prevent certain system objectives from being achieved (SCIENCE27);
· Assurance (4): Knowledge and behavior to convey confidence and trust (SCIENCE40);
· Measure (2): It represents a generic, implementation independent form of control that indicates how a necessity will be achieved (SCIENCE27);
· Privacy Threats (17): Threats pose potential loss or indicate problems that can put the system at risk (SCIENCE27);
· Harms (2): Associate with a threat. When privacy violation occurs to an user (ACM7);
· Exposure (1): Personal/sensitive information received by unintended recipients (ACM7);
· Surveillance (1): It refers to requests for information about an agent (ACM7);
· Aggregation (1): It combines datasets to produce a new type of information without agent’s consent (ACM7);
· Misinformation (1): Inaccurate or insufficient level of information about an agent is transmitted (ACM7);
· Power Imbalance (1): Third Party uses information to control an agent (ACM7);
· Context (2): Information from one context may be used in another context (ACM7);
· Intrusion (1): It is occurs when the third- party disturbs agent's tranquility (ACM7);
· Identification (5): Agent’s personal information is revealed (ACM7);
· Accountability (5): It is occurs when a data controller has responsibility of privacy data (SNOW7);
· Compliance (5): Occurs when the system is compliant with the (data protection) legislation, its advertised policies and the existing user consents (SCIENCE154).
· Risk (3): Occurs when there is a vulnerability exploit in the system (SPRINGER65);
· Auditability (1): An ability of a system to conduct persistent, non-by passable monitoring of all actions performed by humans or machines within the system (SPRINGER160);
· Processor/ Manager (2): is the service entity responsible for delivery content (mostly data) and for user data restoration (SPRINGER23);
· Privacy policy (3): procedure and effectiveness implementation of organizational culture (SPRINGER23);
· Privacy Preferences (11): Preferences of agents (SPRINGER129).
· Retention: how long data will be stored. (Silva et al., 2016)