Methods and Tools for GDPR Compliance Through Privacy and Data Protection Engineering

In this position paper we posit that, for Privacy by Design to be viable, engineers must be effectively involved and endowed with methodological and technological tools closer to their mindset, and which integrate within software and systems engineering methods and tools, realizing in fact the definition of Privacy Engineering. This position will be applied in the soon-to-start PDP4E project, where privacy will be introduced into existent general-purpose software engineering tools and methods, dealing with (risk management, requirements engineering, model-driven design, and software/systems assurance).

[1]  Rebecca Wong The future of privacy , 2011 .

[2]  Marit Hansen,et al.  Protection Goals for Privacy Engineering , 2015, 2015 IEEE Security and Privacy Workshops.

[3]  By Simon Davies Why Privacy by Design is the next crucial step for privacy protection , 2010 .

[4]  Janne Lindqvist,et al.  Should I Protect You? Understanding Developers' Behavior to Privacy-Preserving APIs , 2014 .

[5]  Eran Toch,et al.  Privacy Mindset, Technological Mindset , 2014 .

[6]  José M. del Álamo,et al.  A Metamodel for Privacy Engineering Methods , 2017, IWPE@SP.

[7]  Lorrie Faith Cranor,et al.  Engineering Privacy , 2009, IEEE Transactions on Software Engineering.

[8]  Iveta Košovská,et al.  The Public Administration Accounting in the Light Public Finance Managements Reform and Changes of the New Accounting Directive of the European Parliament and the European Council , 2014 .

[9]  Sokratis K. Katsikas,et al.  Trust, Privacy and Security in Digital Business , 2016, Lecture Notes in Computer Science.

[10]  Lorrie Faith Cranor,et al.  Improving App Privacy: Nudging App Developers to Protect User Privacy , 2014, IEEE Security & Privacy.

[11]  Василь Васильович Цуркан,et al.  Спроба локалізації ISO GUIDE 73:2009 «Risk management – Vocabulary» , 2012 .

[12]  Perri The future of privacy , 1998 .

[13]  Jaap-Henk Hoepman,et al.  PDF hosted at the Radboud Repository of the Radboud University Nijmegen , 2022 .

[14]  Wouter Joosen,et al.  A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements , 2011, Requirements Engineering.

[15]  A Straw,et al.  Guide to the Software Engineering Body of Knowledge , 1998 .

[16]  Walid Maalej,et al.  On lawful disclosure of personal user data: What should app developers do? , 2014, 2014 IEEE 7th International Workshop on Requirements Engineering and Law (RELAW).

[17]  James Stevens,et al.  Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process , 2007 .

[18]  Stefanos Gritzalis,et al.  Privacy Enhancing Technologies: A Review , 2003, EGOV.

[19]  José M. del Álamo,et al.  Privacy Engineering: Shaping an Emerging Field of Research and Practice , 2016, IEEE Security & Privacy.

[20]  Dear Mr Sotiropoulos ARTICLE 29 Data Protection Working Party , 2013 .

[21]  David Wright,et al.  PRIPARE: Integrating Privacy Best Practices into a Privacy Engineering Methodology , 2015, 2015 IEEE Security and Privacy Workshops.

[22]  Josep Domingo-Ferrer,et al.  Privacy and Data Protection by Design - from policy to engineering , 2014, ArXiv.

[23]  Agustí Verde Parera,et al.  General data protection regulation , 2018 .

[24]  Joint Task Force Transformation Initiative,et al.  Security and Privacy Controls for Federal Information Systems and Organizations , 2013 .

[25]  Maritta Heisel,et al.  Systematic identification of information flows from requirements to support privacy impact assessments , 2015, 2015 10th International Joint Conference on Software Technologies (ICSOFT).

[26]  Eran Toch,et al.  Privacy by designers: software developers’ privacy mindset , 2018, 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE).

[27]  Stefan Fenz,et al.  A taxonomy for privacy enhancing technologies , 2015, Comput. Secur..

[28]  Tomaz Klobucar,et al.  Privacy-Enhancing Technologies - approaches and development , 2003, Comput. Stand. Interfaces.

[29]  Javier Lopez,et al.  Trust, Privacy, and Security in Digital Business , 2013, Lecture Notes in Computer Science.

[30]  Kristian Beckers,et al.  A Problem-Based Approach for Computer-Aided Privacy Threat Identification , 2012, APF.

[31]  Lorrie Faith Cranor,et al.  The Privacy and Security Behaviors of Smartphone App Developers , 2014 .