DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance

Piras, Luca; Al-Obeidallah, Mohammed Ghazi; Praitano, Andrea; Tsohou, Aggeliki; Mouratidis, Haralambos; Crespo, Beatriz Gallego-Nicasio; Bernard, Jean Baptiste; Fiorani, M; Magkos, Emmanouil; Sanz, Andrès Castillo; Pavlidis, Michalis; D’Addario, Roberto; Zorzino, Giuseppe Giovanni

doi:10.1007/978-3-030-27813-7_6

Cited by 32 publications

(44 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…1. DSM components, modules and DSM Data Models (green rectangles) [12,16,17] in DSM are the Data Assessment Model (DAM) and the Data Privacy Model (DPM). DAM is produced in the Data Assessment Component (DAC), then read in the Data Privacy Analysis Component (DPAC) that in turn produces the DPM model.…”

Section: Dsm Components Integrated Tools and Data Modelsmentioning

confidence: 99%

“…DAM is produced in the Data Assessment Component (DAC), then read in the Data Privacy Analysis Component (DPAC) that in turn produces the DPM model. The DPM model is then used by other services of the DEFeND Platform, for instance from the GDPR Reporting Service [12]. Concerning DSM components and modules ( Fig.…”

Section: Dsm Components Integrated Tools and Data Modelsmentioning

confidence: 99%

“…This paper provides a novel structured framework and a toolkit that fulfils this gap of the current state of the art. The Data Scope Management (DSM) solution presented is part of the DEFeND EU Project 2 platform [12], and builds on previous work presented at [12]. In particular, this paper addresses the following Research Questions (RQs):…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

Piras

Al-Obeidallah

Pavlidis

et al. 2020

Trust, Privacy and Security in Digital Business

Self Cite

View full text Add to dashboard Cite

The introduction of the European General Data Protection Regulation (GDPR) has brought significant benefits to citizens, but it has also created challenges for organisations, which are facing with difficulties interpreting it and properly applying it. An important challenge is compliance with the Privacy by Design and by default (PbD) principles, which require that data protection is integrated into processing activities and business practices from the design stage. Recently, the European Data Protection Board (EDPB) released an official document with PbD guidelines, and there are various efforts to provide approaches to support these. However, organizations are still facing difficulties in identifying a flow for executing, in a coherent, linear and effective way, these activities, and a complete toolkit for supporting this. In this paper, we: (i) identify the most important PbD activities and strategies, (ii) design a coherent, linear and effective flow for them, and (iii) describe our comprehensive supporting toolkit, as part of the DEFeND EU Project platform. Specifically, within DEFeND, we identified candidate tools, fulfilling specific GDPR aspects, and integrated them in a comprehensive toolkit: the DEFeND Data Scope Management service (DSM). The aim of DSM is to support organizations for continuous GDPR compliance through Model-Based Privacy by Design analysis. Here, we present important PbD activities and strategies individuated, then describe DSM, its design, flow, and a preliminary case study and evaluation performed with pilots from the healthcare, banking, public administration and energy sectors.

show abstract

Section: Dsm Components Integrated Tools and Data Modelsmentioning

confidence: 99%

Section: Dsm Components Integrated Tools and Data Modelsmentioning

confidence: 99%

See 1 more Smart Citation

DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

Piras

Al-Obeidallah

Pavlidis

et al. 2020

Trust, Privacy and Security in Digital Business

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, the focus is primarily on the architecture as opposed to the design of a usable and understandable user interface. Consent, compliance, and transparency systems [16,24,34], tools 8 and dashboards [26,5,2] are a related topic in the privacy literature as well as in industry, however, in this paper we focus primarily on the UI aspects of a consent request. Although consent request design features offered by Railean et al [25] have some promising results, the authors received inconsistent outcomes concerning the comprehension of their "privacy facts" labels which indicates a need for a reevaluation.…”

Section: Related Workmentioning

confidence: 99%

Privacy CURE: Consent Comprehension Made Easy

Drozd

Kirrane

2020

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

Although the General Data Protection Regulation (GDPR) defines several potential legal bases for personal data processing, in many cases data controllers, even when they are located outside the European Union (EU), will need to obtain consent from EU citizens for the processing of their personal data. Unfortunately, existing approaches for obtaining consent, such as pages of text followed by an agreement/disagreement mechanism, are neither specific nor informed. In order to address this challenge, we introduce our Consent reqUest useR intErface (CURE) prototype, which is based on the GDPR requirements and the interpretation of those requirements by the Article 29 Working Party (i.e., the predecessor of the European Data Protection Board). The CURE prototype provides transparency regarding personal data processing, more control via a customization, and, based on the results of our usability evaluation, improves user comprehension with respect to what data subjects actually consent to. Although the CURE prototype is based on the GDPR requirements, it could potentially be used in other jurisdictions also.

show abstract

“…The on-going EU SMOOTH project [38] plans on automating compliance by combining machine learning (such as text mining) and software analysis (such as mobile apps). The DEFeND project [39] approaches the problem of enforcing Consent by creating a set of tools organisations can use to create and monitor contracts, along with providing notifications. A key component, similar to Project SPECIAL, is the detection of inconsistencies between Consent and usage of data.…”

Section: Related Workmentioning

confidence: 99%

Towards an Accountable Web of Personal Information: The Web-of-Receipts

Jesus

2020

IEEE Access

View full text Add to dashboard Cite

Consent is a corner stone in any Privacy practice or public policy. Much beyond a simple ''accept'' button, we show in this paper that obtaining and demonstrating valid Consent can be a complex matter since it is a multifaceted problem. This is important for both Organisations and Users. As shown in recent cases, not only cannot an individual prove what they accepted at any point in time, but also organisations are struggling with proving such consent was obtained leading to inefficiencies and noncompliance. To a large extent, this problem has not obtained sufficient visibility and research effort. In this paper, we review the current state of Consent and tie it to a problem of Accountability. We argue for a different approach to how the Web of Personal Information operates: the need of an accountable Web in the form of Personal Data Receipts which are able to protect both individuals and organisation. We call this evolution the Web-of-Receipts: online actions, from registration to real-time usage, is preceded by valid consent and is auditable (for Users) and demonstrable (for Organisations) at any moment by using secure protocols and locally stored artefacts such as Receipts. The key contribution of this paper is to elaborate on this unique perspective, present proof-of-concept results and lay out a research agenda. INDEX TERMS Privacy, consent, accountability, web-of-receipts, personal data receipts.

show abstract

DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance

Cited by 32 publications

References 9 publications

DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

Privacy CURE: Consent Comprehension Made Easy

Towards an Accountable Web of Personal Information: The Web-of-Receipts

Contact Info

Product

Resources

About