DC FieldValueLanguage
dc.contributor.authorBavendiek, Kai-
dc.contributor.authorWittner, Florian-
dc.contributor.authorSchwaneberg, Thea-
dc.contributor.authorBehrendt, Christian Alexander-
dc.contributor.authorSchulz, Wolfgang-
dc.contributor.authorFederrath, Hannes-
dc.contributor.authorSchupp, Sibylle-
dc.contributor.authorMueller, Tobias-
dc.date.accessioned2019-07-17T09:29:41Z-
dc.date.available2019-07-17T09:29:41Z-
dc.date.issued2019-
dc.identifier.citationIFIP Advances in Information and Communication Technology (562): 345-358 (2019)de_DE
dc.identifier.isbn978-303022311-3de_DE
dc.identifier.issn1868-422Xde_DE
dc.identifier.urihttp://hdl.handle.net/11420/2958-
dc.description.abstractThe principle of purpose limitation is one of the corner stones in the European General Data Protection Regulation. Automatically verifying whether a software architecture is capable of collecting, storing, or otherwise processing data without a predefined, precise, and valid purpose, and more importantly, whether the software architecture allows for re-purposing the data, greatly helps designers, makers, auditors, and customers of software. In our case study, we model the architecture of an existing medical register that follows a rigid Privacy by Design approach and assess its capability to process data only for the defined purposes. We demonstrate the process by verifying one instance that satisfies purpose limitation and two that are at least critical cases. We detect a violation scenario where data belonging to a purpose-specific consent are passed on for a different and maybe even incompatible purpose.en
dc.language.isoende_DE
dc.titleAutomatically proving purpose limitation in software architecturesde_DE
dc.typeinProceedingsde_DE
dc.type.dinicontributionToPeriodical-
dcterms.DCMITypeText-
tuhh.abstract.englishThe principle of purpose limitation is one of the corner stones in the European General Data Protection Regulation. Automatically verifying whether a software architecture is capable of collecting, storing, or otherwise processing data without a predefined, precise, and valid purpose, and more importantly, whether the software architecture allows for re-purposing the data, greatly helps designers, makers, auditors, and customers of software. In our case study, we model the architecture of an existing medical register that follows a rigid Privacy by Design approach and assess its capability to process data only for the defined purposes. We demonstrate the process by verifying one instance that satisfies purpose limitation and two that are at least critical cases. We detect a violation scenario where data belonging to a purpose-specific consent are passed on for a different and maybe even incompatible purpose.de_DE
tuhh.publisher.doi10.1007/978-3-030-22312-0_24-
tuhh.publication.instituteSoftwaresysteme E-16de_DE
tuhh.type.opusInProceedings (Aufsatz / Paper einer Konferenz etc.)-
tuhh.institute.germanSoftwaresysteme E-16de
tuhh.institute.englishSoftwaresysteme E-16de_DE
tuhh.gvk.hasppnfalse-
dc.type.drivercontributionToPeriodical-
dc.type.casraiConference Paper-
tuhh.container.startpage345de_DE
tuhh.container.endpage358de_DE
dc.relation.conferenceIFIP International Conference on ICT Systems Security and Privacy Protection, SEC 2019de_DE
tuhh.relation.ispartofseriesIFIP advances in information and communication technologyde_DE
local.funding.infoThe work is part of the Information Governance Technologies project which is funded by the Behörde für Wissenschaft, Forschung und Gleichstellung.de_DE
item.creatorOrcidBavendiek, Kai-
item.creatorOrcidWittner, Florian-
item.creatorOrcidSchwaneberg, Thea-
item.creatorOrcidBehrendt, Christian Alexander-
item.creatorOrcidSchulz, Wolfgang-
item.creatorOrcidFederrath, Hannes-
item.creatorOrcidSchupp, Sibylle-
item.creatorOrcidMueller, Tobias-
item.languageiso639-1en-
item.openairetypeinProceedings-
item.fulltextNo Fulltext-
item.creatorGNDBavendiek, Kai-
item.creatorGNDWittner, Florian-
item.creatorGNDSchwaneberg, Thea-
item.creatorGNDBehrendt, Christian Alexander-
item.creatorGNDSchulz, Wolfgang-
item.creatorGNDFederrath, Hannes-
item.creatorGNDSchupp, Sibylle-
item.creatorGNDMueller, Tobias-
item.seriesrefIFIP advances in information and communication technology-
item.mappedtypeinProceedings-
item.openairecristypehttp://purl.org/coar/resource_type/c_5794-
item.grantfulltextnone-
item.cerifentitytypePublications-
item.tuhhseriesidIFIP advances in information and communication technology-
crisitem.author.deptSoftwaresysteme E-16-
crisitem.author.deptSoftwaresysteme E-16-
crisitem.author.parentorgStudiendekanat Elektrotechnik, Informatik und Mathematik-
crisitem.author.parentorgStudiendekanat Elektrotechnik, Informatik und Mathematik-
Appears in Collections:Publications without fulltext
Show simple item record

Page view(s)

186
Last Week
3
Last month
11
checked on Jun 14, 2021

SCOPUSTM   
Citations

1
Last Week
0
Last month
checked on Jun 13, 2021

Google ScholarTM

Check

Add Files to Item

Note about this record

Cite this record

Export

Items in TORE are protected by copyright, with all rights reserved, unless otherwise indicated.