DataProVe: Fully Automated Conformance Verification Between Data Protection Policies and System Architectures

Ta, Vinh-Thong; Eiza, Mahmoud Hashem

doi:10.2478/popets-2022-0028

Cited by 2 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Formal ML PL Language Tool properties [3] × unnamed × [6] × CAPVerDE CAPVerDE [31] × unnamed DataProVe [24] × Prolog Prolog-based [25] × ×…”

Section: Solutionmentioning

confidence: 99%

“…Consent properties target why personal data is processed and not who has access to the data and are thus complementary. Some approaches verify consent properties at model level: they rely on smart contracts for blockchains [3], a specific architecture design and verification based on second-order logic [6], a policy language and an architecture description language [31], or logs to verify actions scheduling [24]. Three of those approaches rely on tools: Bavendiek et al [6], and Ta and Eiza [31] use their own dedicated tool, while de Montety et al use Prolog [24].…”

Section: Jif Jif [This Paper]mentioning

confidence: 99%

See 1 more Smart Citation

Context Specification Language for Formally Verifying Consent Properties on Models and Code

Clouet

Antignac

Arnaud

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Recent privacy laws and regulations raise the stakes in verifying that software systems respect user consent. The current state of the art shows that privacy by design and formal methods can help. Still, ensuring the validity of privacy properties, in particular consent properties, at different stages of software development, is hard. This paper proposes a step towards solving this issue by introducing a new tool, named CASTT, that allows software engineers to verify consent properties at two different development stages: system modeling and code verification. To describe the system, this paper introduces a new formal context specification language named CSpeL, which allows to specify the key elements involved in consent and their relationships. The tool is evaluated on two use cases targeting different application domains: healthcare and website. We also evaluate the correctness and the efficiency of our tool.

show abstract

“…Formal ML PL Language Tool properties [3] × unnamed × [6] × CAPVerDE CAPVerDE [31] × unnamed DataProVe [24] × Prolog Prolog-based [25] × ×…”

Section: Solutionmentioning

confidence: 99%

Section: Jif Jif [This Paper]mentioning

confidence: 99%

Context Specification Language for Formally Verifying Consent Properties on Models and Code

Clouet

Antignac

Arnaud

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Even with these privacy regulations, data protection principles sometimes need to be clarified, and manual conformance verification can be error-prone [15,58,62]. Additionally, the design of regulations overlooks the cognitive frame of personal intrusion to comprehend privacy issues [45,50].…”

Section: Privacy Regulations and Recommendationsmentioning

confidence: 99%

Evolution of Composition, Readability, and Structure of Privacy Policies over Two Decades

Adhikari

Das

Dewri

2023

PoPETs

View full text Add to dashboard Cite

Privacy policies outline data collection and sharing practices followed by an organization, together with choice and control measures available to users to manage the process. However, users have often needed help reading and understanding such documents, regardless of their being written in a natural language. The fundamental problems with privacy policies persist despite advancements in privacy design, frameworks, and regulations. To identify the causes of privacy policies being persistently challenging to comprehend, it is vital to investigate historical policy patterns and understand the evolution of privacy policies concerning information packaging and presentation. To this aid, we create a sentence-level classifier to conduct a large-scale longitudinal analysis on different privacy policies from 130,604 organizations, totaling approximately one million policies from 1997 to 2019. We annotate 10,717 sentences from 115 policies in the OPP-115 corpus to implement the classifier and then use those annotations to train the XLNet and BERT classifiers. Results from our analysis reveal that specific data practice categories experience more frequent policy changes than others, making it challenging to track relevant information over time. In addition, we discover that every category has distinct composition, readability, and structural issues, which exacerbate when categories frequently co-occur in a document. Based on our observations, we provide recommendations for policy articulation and revision to make privacy policy documents conform to better coherence and structure.

show abstract

DataProVe: Fully Automated Conformance Verification Between Data Protection Policies and System Architectures

Cited by 2 publications

References 17 publications

Context Specification Language for Formally Verifying Consent Properties on Models and Code

Context Specification Language for Formally Verifying Consent Properties on Models and Code

Evolution of Composition, Readability, and Structure of Privacy Policies over Two Decades

Contact Info

Product

Resources

About