DiálogoP - A Language and a Graphical Tool for Formally Defining GDPR Purposes

The notion of processing purpose, as set out in the EU General Data Protection Regulation (GDPR), is a crucial part of a software system's privacy policy. Processing purposes are meant to characterize the usage of personal data within a system. In this work, we propose a formal type language for defining purposes as the communication exchanges between a system's entities, based on session types enhanced with privacy notions. To give software engineers the means to easily define processing purposes, we encode the formal language syntax into a UML-based domain model and present DiálogoP, a tool that supports the graphical definition of the model and subsequently translates it into formal language definitions.
