Antonio Capodieci,Luca Mainetti,Stefano Lisi,Roberto Paiano,Sara Matino,Mariavittoria Ugirashebuja

DOI: https://doi.org/10.1007/s11042-024-20308-6

IF: 2.577

2024-11-06

Multimedia Tools and Applications

Abstract:The European Parliament adopted the European General Data Protection Regulation (GDPR, EU 2016/679), which revolutionized the legislative framework for personal data protection within the European Union. The GDPR mandates organizations to shift from a passive approach, relying on minimum security measures outlined in the 1994 EU Directive, to a proactive accountability-based approach. Organizations are expected to implement verification systems, foster continuous improvement, and follow principles such as privacy by design and privacy by default. The latter principle emphasizes incorporating privacy considerations throughout the entire engineering process. The challenge for organizations lies in effectively auditing their compliance with the GDPR. This study proposes a structured approach based on the business process modeling to aid in GDPR compliance. It involves identifying crucial compliance points for the GDPR. A case study is presented where the method is applied to a purchase of a health insurance policy process in the context of the Secure Safe Apulia project.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Ze Shi Li,Colin Werner,Neil Ernst,Daniela Damian

DOI: https://doi.org/10.48550/arXiv.2002.06830

2020-02-17

Abstract:The enactment of the General Data Protection Regulation (GDPR) in 2018 forced any organization that collects and/or processes EU-based personal data to comply with stringent privacy regulations. Software organizations have struggled to achieve GDPR compliance both before and after the GDPR deadline. While some studies have relied on surveys or interviews to find general implications of the GDPR, there is a lack of in-depth studies that investigate compliance practices and compliance challenges of software organizations. In particular, there is no information on small and medium enterprises (SMEs), which represent the majority of organizations in the EU, nor on organizations that practice continuous integration. Using design science methodology, we conducted an in-depth study over the span of 20 months regarding GDPR compliance practices and challenges in collaboration with a small, startup organization. We first identified our collaborator's business problems and then iteratively developed two artifacts to address those problems: a set of operationalized GDPR principles, and an automated GDPR tool that tests those GDPR-derived privacy requirements. This design science approach resulted in four implications for research and for practice. For example, our research reveals that GDPR regulations can be partially operationalized and tested through automated means, which improves compliance practices, but more research is needed to create more efficient and effective means to disseminate and manage GDPR knowledge among software developers.

Software Engineering

Ze Shi Li,Colin Werner,Neil Ernst,Daniela Damian

DOI: https://doi.org/10.1016/j.infsof.2022.106868

IF: 3.9

2022-06-01

Information and Software Technology

Abstract:Context: Complying with privacy regulations has taken on new importance with the introduction of the EU’s General Data Protection Regulation (GDPR) and other privacy regulations. Privacy measures are becoming a paramount requirement demanding software organizations’ attention as recent privacy breaches such as the Capital One data breach affected millions of customers. Software organizations, however, struggle with achieving privacy compliance. In particular, there is a lack of research into the organizational practices and challenges involved in compliance, particularly for small and medium enterprises (SMEs), which represent a sizeable portion of organizations. Many SMEs use a continuous software engineering (CSE) approach, which introduces additional adoption and application challenges. For example, the fast pace of CSE makes it harder for SMEs that are already more resource constrained to prioritize non-functional requirements such as privacy. Objective: This paper aims to fill a gap in the under-researched area of continuous compliance with privacy requirements in practice, by investigating how a continuous practicing SME dealt with GDPR compliance. Method: Using design science, we conducted an in-depth ethnographically informed study over the span of 16 months and iteratively developed two artifacts to help address the organization’s challenges in addressing GDPR compliance. Results: We identified 3 main challenges that our collaborating organization experienced when trying to comply with the GDPR. To help mitigate the challenges, we developed two design science artifacts, which include a list of privacy requirements that operationalized the GDPR principles for automated verification, and an automated testing tool that helps to verify these privacy requirements. We validated these artifacts through close collaboration with our partner organization and applying our artifacts to the partner organization’s system. Conclusions: We conclude with a discussion of opportunities and obstacles in leveraging CSE to achieve continuous compliance with the GDPR. We also highlight the importance of building a shared understanding of privacy non-functional requirements and how risk management plays an important role in an organization’s GDPR compliance.

computer science, information systems, software engineering

Lucas Franke,Huayu Liang,Sahar Farzanehpour,Aaron Brantly,James C. Davis,Chris Brown

2024-06-21

Abstract:Background: Governments worldwide are considering data privacy regulations. These laws, e.g. the European Union's General Data Protection Regulation (GDPR), require software developers to meet privacy-related requirements when interacting with users' data. Prior research describes the impact of such laws on software development, but only for commercial software. Open-source software is commonly integrated into regulated software, and thus must be engineered or adapted for compliance. We do not know how such laws impact open-source software development. Aims: To understand how data privacy laws affect open-source software development. We studied the European Union's GDPR, the most prominent such law. We investigated how GDPR compliance activities influence OSS developer activity (RQ1), how OSS developers perceive fulfilling GDPR requirements (RQ2), the most challenging GDPR requirements to implement (RQ3), and how OSS developers assess GDPR compliance (RQ4). Method: We distributed an online survey to explore perceptions of GDPR implementations from open-source developers (N=56). We further conducted a repository mining study to analyze development metrics on pull requests (N=31462) submitted to open-source GitHub repositories. Results: GDPR policies complicate open-source development processes and introduce challenges for developers, primarily regarding the management of users' data, implementation costs and time, and assessments of compliance. Moreover, we observed negative perceptions of GDPR from open-source developers and significant increases in development activity, in particular metrics related to coding and reviewing activity, on GitHub pull requests related to GDPR compliance. Conclusions: Our findings motivate policy-related resources and automated tools to support data privacy regulation implementation and compliance efforts in open-source software.

Software Engineering

George Danezis,Josep Domingo-Ferrer,Marit Hansen,Jaap-Henk Hoepman,Daniel Le Metayer,Rodica Tirtea,Stefan Schiffner

DOI: https://doi.org/10.2824/38623

2015-04-11

Abstract:Privacy and data protection constitute core values of individuals and of democratic societies. There have been decades of debate on how those values -and legal obligations- can be embedded into systems, preferably from the very beginning of the design process. One important element in this endeavour are technical mechanisms, known as privacy-enhancing technologies (PETs). Their effectiveness has been demonstrated by researchers and in pilot implementations. However, apart from a few exceptions, e.g., encryption became widely used, PETs have not become a standard and widely used component in system design. Furthermore, for unfolding their full benefit for privacy and data protection, PETs need to be rooted in a data governance strategy to be applied in practice. This report contributes to bridging the gap between the legal framework and the available technological implementation measures by providing an inventory of existing approaches, privacy design strategies, and technical building blocks of various degrees of maturity from research and development. Starting from the privacy principles of the legislation, important elements are presented as a first step towards a design process for privacy-friendly systems and services. The report sketches a method to map legal obligations to design strategies, which allow the system designer to select appropriate techniques for implementing the identified privacy requirements. Furthermore, the report reflects limitations of the approach. It concludes with recommendations on how to overcome and mitigate these limits.

Cryptography and Security

Damiano Torre,Mauricio Alferez,Ghanem Soltana,Mehrdad Sabetzadeh,Lionel Briand

DOI: https://doi.org/10.48550/arXiv.2007.12046

2020-07-23

Abstract:In Europe and indeed worldwide, the General Data Protection Regulation (GDPR) provides protection to individuals regarding their personal data in the face of new technological developments. GDPR is widely viewed as the benchmark for data protection and privacy regulations that harmonizes data privacy laws across Europe. Although the GDPR is highly beneficial to individuals, it presents significant challenges for organizations monitoring or storing personal information. Since there is currently no automated solution with broad industrial applicability, organizations have no choice but to carry out expensive manual audits to ensure GDPR compliance. In this paper, we present a complete GDPR UML model as a first step towards designing automated methods for checking GDPR compliance. Given that the practical application of the GDPR is influenced by national laws of the EU Member States, we suggest a two-tiered description of the GDPR, generic and specialized. In this paper, we provide (1) the GDPR conceptual model we developed with complete traceability from its classes to the GDPR, (2) a glossary to help understand the model, (3) the plain-English description of 35 compliance rules derived from GDPR along with their encoding in OCL, and (4) the set of 20 variations points derived from GDPR to specialize the generic model. We further present the challenges we faced in our modeling endeavor, the lessons we learned from it, and future directions for research.

Software Engineering

Yuri R. Ladeia,David M. Pereira

2024-09-18

Abstract:Background: The integration of the General Data Protection Regulation (GDPR) and the Medical Device Regulation (MDR) creates complexities in conducting Data Protection Impact Assessments (DPIAs) for medical devices. The adoption of non-binding standards like ISO and IEC can harmonize these processes by enhancing accountability and privacy by design. Methods: This study employs a multidisciplinary literature review, focusing on GDPR and MDR intersection in medical devices that process personal health data. It evaluates key standards, including ISO/IEC 29134 and IEC 62304, to propose a unified approach for DPIAs that aligns with legal and technical frameworks. Results: The analysis reveals the benefits of integrating ISO/IEC standards into DPIAs, which provide detailed guidance on implementing privacy by design, risk assessment, and mitigation strategies specific to medical devices. The proposed framework ensures that DPIAs are living documents, continuously updated to adapt to evolving data protection challenges. Conclusions: A unified approach combining European Union (EU) regulations and international standards offers a robust framework for conducting DPIAs in medical devices. This integration balances security, innovation, and privacy, enhancing compliance and fostering trust in medical technologies. The study advocates for leveraging both hard law and standards to systematically address privacy and safety in the design and operation of medical devices, thereby raising the maturity of the MedTech ecosystem.

Computers and Society

Piero A. Bonatti,Sabrina Kirrane,Iliana M. Petrova,Luigi Sauro

DOI: https://doi.org/10.1007/s13218-020-00677-4

2020-07-08

Abstract:The European General Data Protection Regulation (GDPR) calls for technical and organizational measures to support its implementation. Towards this end, the SPECIAL H2020 project aims to provide a set of tools that can be used by data controllers and processors to automatically check if personal data processing and sharing complies with the obligations set forth in the GDPR. The primary contributions of the project include: (i) a policy language that can be used to express consent, business policies, and regulatory obligations; and (ii) two different approaches to automated compliance checking that can be used to demonstrate that data processing performed by data controllers/processors complies with consent provided by data subjects, and business processes comply with regulatory obligations set forth in the GDPR.

Oleksandra Klymenko,Oleksandr Kosenkov,Stephen Meisenbacher,Parisa Elahidoost,Daniel Mendez,Florian Matthes

DOI: https://doi.org/10.1145/3544902.3546234

2022-08-18

Abstract:Modern privacy regulations, such as the General Data Protection Regulation (GDPR), address privacy in software systems in a technologically agnostic way by mentioning general "technical measures" for data privacy compliance rather than dictating how these should be implemented. An understanding of the concept of technical measures and how exactly these can be handled in practice, however, is not trivial due to its interdisciplinary nature and the necessary technical-legal interactions. We aim to investigate how the concept of technical measures for data privacy compliance is understood in practice as well as the technical-legal interaction intrinsic to the process of implementing those technical measures. We follow a research design that is 1) exploratory in nature, 2) qualitative, and 3) interview-based, with 16 selected privacy professionals in the technical and legal domains. Our results suggest that there is no clear mutual understanding and commonly accepted approach to handling technical measures. Both technical and legal roles are involved in the implementation of such measures. While they still often operate in separate spheres, a predominant opinion amongst the interviewees is to promote more interdisciplinary collaboration. Our empirical findings confirm the need for better interaction between legal and engineering teams when implementing technical measures for data privacy. We posit that interdisciplinary collaboration is paramount to a more complete understanding of technical measures, which currently lacks a mutually accepted notion. Yet, as strongly suggested by our results, there is still a lack of systematic approaches to such interaction. Therefore, the results strengthen our confidence in the need for further investigations into the technical-legal dynamic of data privacy compliance.

Software Engineering

Vanessa Ayala-Rivera,A. Omar Portillo-Dominguez,Liliana Pasquale

DOI: https://doi.org/10.1016/j.jss.2024.112144

IF: 3.5

2024-06-24

Journal of Systems and Software

Abstract:Software should comply with international privacy laws, like the General Data Protection Regulation (GDPR). However, implementing appropriate technical controls is often an error-prone and time-consuming process. This is partly due to the limited knowledge of software engineers about privacy and security. This paper proposes SoCo, a semi-automated approach to support organizations in achieving software compliance with the GDPR data protection principles. To do so, SoCo supports engineers in identifying and integrating appropriate technical controls in sequence diagrams during the design phase. SoCo includes a technique to assist engineers to identify data processing activities in software applications modeled as sequence diagrams that may need to comply with the GDPR, a catalog of privacy and security controls that engineers can use to fix non-compliant activities, and a technique to implement such controls in the non-compliant sequence diagrams. Our evaluation results show that SoCo can help software engineers identify and design appropriate security controls to address GDPR violations and required moderate manual effort when applied to a substantive open-source application. Editor's note: Open Science material was validated by the Journal of Systems and Software Open Science Board .

computer science, theory & methods, software engineering

Manon Knockaert,Nathan De Vos

DOI: https://doi.org/10.1007/978-3-030-29326-0_12

2019-10-19

Abstract:The General Data Protection Regulation (GDPR) is the new EU legal framework for the Processing of Personal data. The use of any information related to an identified or identifiable person by a software will imply the compliance with this European legislation. The objective of this chapter is to focus on the processing of a specific category of personal data: sensitive data (mainly face recognition and voice recognition) to verify the user’s identity. Indeed, the GDPR reinforces requirements for security measures to ensure the integrity and confidentiality of these Personal data. We analyze three privacy aspects: the possibility to obtain a valid Consent from the user, how to ensure the transparency principle and the implication of openness and the framework to implement in order to use the feedback given by the system to the user. From an ethical point of view, the request for Consent is legitimized by the existence of a real assessment alternative left to the student. Then the different components of the right to transparency are illustrated by examples from the field. Finally, the question of feedback is expressed in the form of a dilemma highlighting the possible risks of poorly justified decisions due to the way feedback is exposed.

Asmita Dalela,Saverio Giallorenzo,Oksana Kulyk,Jacopo Mauro,Elda Paja

DOI: https://doi.org/10.48550/arXiv.2104.04030

2021-04-09

Abstract:Increased levels of digitalization in society expose companies to new security threats, requiring them to establish adequate security and privacy measures. Additionally, the presence of exogenous forces like new regulations, e.g., GDPR and the global COVID-19 pandemic, pose new challenges for companies that should preserve an adequate level of security while having to adapt to change. In this paper, we investigate such challenges through a two-phase study in companies located in Denmark -- a country characterized by a high level of digitalization and trust -- focusing on software development and tech-related companies. Our results show a number of issues, most notably i) a misalignment between software developers and management when it comes to the implementation of security and privacy measures, ii) difficulties in adapting company practices in light of implementing GDPR compliance, and iii) different views on the need to adapt security measures to cope with the COVID-19 pandemic.

Cryptography and Security

M. Emilia Cambronero,Miguel A. Martínez,Luis Llana,Ricardo J. Rodríguez,Alejandro Russo

DOI: https://doi.org/10.7717/peerj-cs.1898

2024-03-29

PeerJ Computer Science

Abstract:Data privacy is one of the biggest challenges facing system architects at the system design stage. Especially when certain laws, such as the General Data Protection Regulation (GDPR), have to be complied with by cloud environments. In this article, we want to help cloud providers comply with the GDPR by proposing a GDPR-compliant cloud architecture. To do this, we use model-driven engineering techniques to design cloud architecture and analyze cloud interactions. In particular, we develop a complete framework, called MDCT, which includes a Unified Modeling Language profile that allows us to define specific cloud scenarios and profile validation to ensure that certain required properties are met. The validation process is implemented through the Object Constraint Language (OCL) rules, which allow us to describe the constraints in these models. To comply with many GDPR articles, the proposed cloud architecture considers data privacy and data tracking, enabling safe and secure data management and tracking in the context of the cloud. For this purpose, sticky policies associated with the data are incorporated to define permission for third parties to access the data and track instances of data access. As a result, a cloud architecture designed with MDCT contains a set of OCL rules to validate it as a GDPR-compliant cloud architecture. Our tool models key GDPR points such as user consent/withdrawal, the purpose of access, and data transparency and auditing, and considers data privacy and data tracking with the help of sticky policies.

computer science, information systems, artificial intelligence, theory & methods

Lucas Franke,Huayu Liang,Aaron Brantly,James C Davis,Chris Brown

2024-01-26

Abstract:This poster describes work on the General Data Protection Regulation (GDPR) in open-source software. Although open-source software is commonly integrated into regulated software, and thus must be engineered or adapted for compliance, we do not know how such laws impact open-source software development.

Software Engineering,Computers and Society

Supreeth Shastri,Melissa Wasserman,Vijay Chidambaram

DOI: https://doi.org/10.48550/arXiv.1911.00498

2019-11-01

Abstract:In recent years, our society is being plagued by unprecedented levels of privacy and security breaches. To rein in this trend, the European Union, in 2018, introduced a comprehensive legislation called the General Data Protection Regulation (GDPR). In this article, we review GDPR from a systems perspective, and identify how the design and operation of modern cloud-scale systems conflict with this regulation. We illustrate these conflicts via six GDPR anti-patterns: storing data without a clear timeline for deletion; reusing data indiscriminately; creating walled gardens and black markets; risk-agnostic data processing; hiding data breaches; making unexplainable decisions. Our findings reveal deep-rooted tussle between GDPR requirements and how cloud-scale systems that process personal data have evolved in the modern era. While it is imperative to avoid these anti-patterns, we believe that achieving compliance requires comprehensive, grounds up solutions; anything short would amount to fixing a leaky faucet in a sinking ship.

Computers and Society

Alex Bowyer,Jack Holt,Josephine Go Jefferies,Rob Wilson,David Kirk,Jan David Smeddinck

DOI: https://doi.org/10.1145/3491102.3501947

2022-03-10

Abstract:In our data-centric world, most services rely on collecting and using personal data. The EU's General Data Protection Regulation (GDPR) aims to enhance individuals' control over their data, but its practical impact is not well understood. We present a 10-participant study, where each participant filed 4-5 data access requests. Through interviews accompanying these requests and discussions scrutinising returned data, it appears that GDPR falls short of its goals due to non-compliance and low-quality responses. Participants found their hopes to understand providers' data practices or harness their own data unmet. This causes increased distrust without any subjective improvement in power, although more transparent providers do earn greater trust. We propose designing more effective, data-inclusive and open policies and data access systems to improve both customer relations and individual agency, and also that wider public use of GDPR rights could help with delivering accountability and motivating providers to improve data practices.

Human-Computer Interaction

Blagovesta Kostova,Seda Gürses,Carmela Troncoso

DOI: https://doi.org/10.48550/arXiv.2007.08613

2020-07-17

Abstract:Current day software development relies heavily on the use of service architectures and on agile iterative development methods to design, implement, and deploy systems. These practices result in systems made up of multiple services that introduce new data flows and evolving designs that escape the control of a single designer. Academic privacy engineering literature typically abstracts away such conditions of software production in order to achieve generalizable results. Yet, through a systematic study of the literature, we show that proposed solutions inevitably make assumptions about software architectures, development methods and scope of designer control that are misaligned with current practices. These misalignments are likely to pose an obstacle to operationalizing privacy engineering solutions in the wild. Specifically, we identify important limitations in the approaches that researchers take to design and evaluate privacy enhancing technologies which ripple to proposals for privacy engineering methodologies. Based on our analysis, we delineate research and actions needed to re-align research with practice, changes that serve a precondition for the operationalization of academic privacy results in common software engineering practices.

Software Engineering

Marco Cantamessa,Francesca Montagna,Stefania Altavilla,Alessandro Casagrande-Seretti

DOI: https://doi.org/10.1017/dsj.2020.25

2020-01-01

Design Science

Abstract:Abstract Digitalization and the momentous role being assumed by data are commonly viewed as pervasive phenomena whose impact is felt in all aspects of society and the economy. Design activity is by no means immune from this trend, and the relationship between digitalization and design is decades old. However, what is the current impact of this ‘data revolution’ on design? How will the design activity change? What are the resulting research questions of interest to academics? What are the main challenges for firms and for educational institutions having to cope with this change? The paper provides a comprehensive conceptual framework, based on recent literature and anecdotal evidence from the industry. It identifies three main streams: namely the consequences on designers, the consequences on design processes and the role of methods for data analytics. In turn, these three streams lead to implications at individual, organizational and managerial level, and several questions arise worthy of defining future research agendas. Moreover, the paper introduces relational diagrams depicting the interactions between the objects and the actors involved in the design process and suggests that what is occurring is by no means a simple evolution but a paradigmatic shift in the way artefacts are designed.

Andrea Carboni,Dario Russo,Davide Moroni,Paolo Barsocchi

DOI: https://doi.org/10.3389/fdgth.2022.934609

2023-02-13

Abstract:Privacy by design within a system for assisted living, personalised care, and wellbeing is crucial to protect users from misuse of the data collected about their health. Especially if the information is collected through audio-video devices, the question is even more delicate due to the nature of these data. In addition to guaranteeing a high level of privacy, it is necessary to reassure end users about the correct use of these streams. The evolution of data analysis techniques began to take on an important role and increasingly defined characteristics in recent years. The purpose of this paper is twofold: on the one hand, it presents a state of the art about privacy in European Active Healthy Ageing/Active Healthy Ageing projects, with a focus on those related to audio and video processing. On the other hand, it proposes a methodology, developed in the context of the European project PlatfromUptake.eu, to identify clusters of stakeholders and application dimensions (technical, contextual, and business), define their characteristics, and show how privacy constraints affect them. From this study, we then generated a Strengths, Weaknesses, Opportunities, and Threats analysis in which we aim to identify the critical features connected to the selection and involvement of relevant stakeholders for the success of a project. Applying this type of methodology to the initial stages of a project allows understanding of which privacy issues could be related to the various stakeholder groups and which problems can then affect the correct development of the project. The idea is, therefore, to suggest a privacy-by-design approach according to the categories of stakeholders and project dimensions. The analysis will cover technical aspects, legislative and policies-related aspects also regarding the point of view of the municipalities, and aspects related to the acceptance and, therefore, to the perception of the safety of these technologies by the final end users.

Supreeth Shastri,Melissa Wasserman,Vijay Chidambaram

DOI: https://doi.org/10.48550/arXiv.1903.09305

2019-05-15

Abstract:In recent years, our society is being plagued by unprecedented levels of privacy and security breaches. To rein in this trend, the European Union, in 2018, introduced a comprehensive legislation called the General Data Protection Regulation (GDPR). In this paper, we review GDPR from a system design perspective, and identify how its regulations conflict with the design, architecture, and operation of modern systems. We illustrate these conflicts via the seven GDPR sins: storing data forever; reusing data indiscriminately; walled gardens and black markets; risk-agnostic data processing; hiding data breaches; making unexplainable decisions; treating security as a secondary goal. Our findings reveal a deep-rooted tussle between GDPR requirements and how modern systems have evolved. We believe that achieving compliance requires comprehensive, grounds up solutions, and anything short would amount to fixing a leaky faucet in a sinking ship.

Computers and Society,Cryptography and Security