Privacy Compliance Via Model Transformations

Publikationstyp
Conference Paper
Date Issued
2018-04
Sprache
English
Author(s)
Antignac, Thibaud  
Scandariato, Riccardo  
Schneider, Gerardo  
TORE-URI
http://hdl.handle.net/11420/10260
Start Page
120
End Page
126
Citation
IEEE European Symposium on Security and Privacy Workshops, EURO S and PW (2018)
Contribution to Conference
3rd IEEE European Symposium on Security and Privacy Workshops, EURO S and PW 2018  
Publisher DOI
10.1109/EuroSPW.2018.00024
Scopus ID
2-s2.0-85050952657
Due to the upcoming, more restrictive regulations (like the European GDPR), designing privacy preserving architectures for information systems is becoming a pressing concern for practitioners. In particular, verifying that a design is compliant with the regulations might be a challenging task for engineers. This work presents an approach based on model transformations, which guarantee that an architectural design encompasses regulation-oriented principles such as purpose limitation, or accountability of the data controller. Our work improves the state of the art along two main dimensions. The approach we propose (i) embeds privacy principles coming from regulations, thus helping to bridge the gap between the technical and the legal worlds, (ii) systematize the embedding of the privacy principles coming from regulations, thus enabling a constructive approach to privacy by design.
Subjects
GDPR
MDE
Privacy-by-design