A comparison of system description models for data protection by design

Dewitte, Pierre; Wuyts, Kim; Sion, Laurens; Landuyt, Dimitri Van; Emanuilov, Ivo; Valcke, Peggy; Joosen, Wouter

doi:10.1145/3297280.3297595

Cited by 12 publications

(6 citation statements)

References 17 publications

(9 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Privacy is a vague and fuzzy concept without a rigid definition. It is widely misunderstood that privacy can only be protected by securing or encrypting the data itself [1], as in Microsoft's STRIDE model [4] [12]. In fact, the design of a system could play a large role in preserving data privacy, which leads to the concept of Privacy by Design (PbD).…”

Section: Privacy By Design Knowledgementioning

confidence: 99%

Synthesising Privacy by Design Knowledge Towards Explainable Internet of Things Application Designing in Healthcare

Alkhariji¹,

Alhirabi²,

Alraja³

et al. 2020

Preprint

View full text Add to dashboard Cite

Privacy by Design (PbD) is the most common approach followed by software developers who aim to reduce risks within their application designs, yet it remains commonplace for developers to retain little conceptual understanding of what is meant by privacy. A vision is to develop an intelligent privacy assistant to whom developers can easily ask questions in order to learn how to incorporate different privacy-preserving ideas into their IoT application designs. This paper lays the foundations toward developing such a privacy assistant by synthesising existing PbD knowledge so as to elicit requirements. It is believed that such a privacy assistant should not just prescribe a list of privacy-preserving ideas that developers should incorporate into their design. Instead, it should explain how each prescribed idea helps to protect privacy in a given application design context-this approach is defined as 'Explainable Privacy'. A total of 74 privacy patterns were analysed and reviewed using ten different PbD schemes to understand how each privacy pattern is built and how each helps to ensure privacy. Due to page limitations, we have presented a detailed analysis in [3]. In addition, different real-world Internet of Things (IoT) use-cases, including a healthcare application, were used to demonstrate how each privacy pattern could be applied to a given application design. By doing so, several knowledge engineering requirements were identified that need to be considered when developing a privacy assistant. It was also found that, when compared to other IoT application domains, privacy patterns can significantly benefit healthcare applications. In conclusion, this paper identifies the research challenges that must be addressed if one wishes to construct an intelligent privacy assistant that can truly augment software developers' capabilities at the design phase.CCS Concepts: • Security and privacy → Human and societal aspects of security and privacy; Social aspects of security and privacy; • Software and its engineering → Software development process management; • Human-centered computing → Ubiquitous computing.

show abstract

Section: Privacy By Design Knowledgementioning

confidence: 99%

Synthesising Privacy by Design Knowledge Towards Explainable Internet of Things Application Designing in Healthcare

Alkhariji¹,

Alhirabi²,

Alraja³

et al. 2020

Preprint

View full text Add to dashboard Cite

show abstract

“…The very first step of a DPIA is the systematic description of the processing operations (i.e. nature, scope, context, and purposes) [8] which serves as the basis for (i) allocating responsibilities and (ii) identifying and mitigating the risks to the data subjects' rights and freedoms [17]. Many tools and methods have been developed to assist in conducting DPIAs.…”

Section: Background and Motivationmentioning

confidence: 99%

The Bigger Picture: Approaches to Inter-organizational Data Protection Impact Assessment

et al. 2020

Self Cite

View full text Add to dashboard Cite

Contemporary data processing activities rarely involve a single actor acting as the controller but, rather, rely on complex inter-organizational collaborations or federations of (joint) controllers, processors, sub-processors, recipients, and third parties. However, current approaches in support of Data Protection Impact Assessment (DPIA) traditionally address data protection risks through the perspective of a single entity. As a result, the assessment of complex, inter-organizational data processing activities is scattered across multiple isolated efforts conducted by different parties. This approach leads to mismatches between the factual descriptions of data processing activities among the concerned entities, but also dilutes the argumentation related to the general principles governing the processing of personal data. In this paper, we explore and discuss the benefits and downsides of approaches that foster inter-organizational collaboration when conducting a DPIA. We distill and present the main requirements and then contrast two alternative approaches for inter-organizational and collaborative DPIA: the centralized approach versus the fully federated approach.

show abstract

“…Additionally, LINDDUN is also used by Ekdahl and Nyman in [10] for an investigation on GDPR compliance, and by Bisztray and Gruschka in [8] for investigation related to Privacy Impact Assessment. Furthermore, Sion et al in [19], as well as Dewitte et al in [24], use this methodology for investigations related to Data Protection by Design.…”

Section: Influence Of Technical Requirements On the Reference Architecturementioning

confidence: 99%

Operationalization of Privacy and Security Requirements for eHealth IoT Applications in the Context of GDPR and CSL

Tomashchuk

Landuyt

et al. 2020

Privacy Technologies and Policy

Self Cite

View full text Add to dashboard Cite

The Fourth Industrial Revolution imposes a number of unprecedented societal challenges and these are increasingly being addressed through regulation. This, in turn, lays the burden to adopt and implement the different concepts and principles (such as privacy-by-design) with practitioners. However, these concepts and principles are formulated by legal experts in a way that does not allow their direct usage by software engineers and developers, and the practical implications are thus not always obvious nor clear-cut. Furthermore, many complementary regulatory frameworks exist to which compliance should, in some cases, be reached simultaneously. In this paper, we address this generic problem by transforming the legal requirements imposed by the EU's General Data Protection Regulation (GDPR) and the China's Cybersecurity Law (CSL) into technical requirements for an exemplar case study of a generic eHealth IoT system. The derived requirements result from an interdisciplinary collaboration between technical and legal experts and are representative of the types of trade-off decisions made in such a compliance process. By means of this exemplar case study, we propose a set of generic requirement-driven elements that can be applied to similar IoT-based architectures and thereby reduce the role of supervision from a legal point of view in the development of such architectures.

show abstract

A comparison of system description models for data protection by design

Cited by 12 publications

References 17 publications

Synthesising Privacy by Design Knowledge Towards Explainable Internet of Things Application Designing in Healthcare

Synthesising Privacy by Design Knowledge Towards Explainable Internet of Things Application Designing in Healthcare

The Bigger Picture: Approaches to Inter-organizational Data Protection Impact Assessment

Operationalization of Privacy and Security Requirements for eHealth IoT Applications in the Context of GDPR and CSL

Contact Info

Product

Resources

About