Data Protection by Design (DPbD) is a truly interdisciplinary effort that involves many stakeholders such as legal experts, requirements engineers, software architects, developers, and system operators. Building software-intensive systems that respect the fundamental rights to privacy and data protection is the result of intensive dialogue and careful trade-off decisions. In practice, however, there is a dichotomy between the legal reasoning which is conducted in Data Protection Impact Assessments (DPIA) and software engineering approaches, such as threat modeling, aimed at identifying privacy requirements and privacy risks. These activities are commonly performed in total isolation, which negatively impacts (i) the compliance exercise, (ii) the ability to evolve the system over time, and (iii) the architectural trade-offs made during system design. In this article, we present an architectural viewpoint for describing software architectures from a legal, data protection perspective whose core modeling abstractions are based on an in-depth legal analysis of the EU General Data Protection Regulation. This viewpoint is tied to Data Flow Diagrams (commonly used in threat modeling) through correspondence rules. The proposed viewpoint supports the automation of a number of data protection impact assessment steps through (i) meta-model constraints, (ii) model analysis, and (iii) interaction with the involved stakeholders. This enables a streamlined compliance exercise, reconciling legal privacy and data protection notions with architecture-driven software engineering practices. We validate our approach in the context of a realistic e-health application for a number of complementary development scenarios.

Index Terms: privacy by design, data protection, architectural viewpoint, GDPR, data protection by design, data protection impact assessment, accountability
Since the General Data Protection Regulation (GDPR) entered into force, every actor involved in the processing of personal data must comply with Data Protection by Design (DPbD). Doing so requires assessing the risks to data subjects' rights and freedoms and implementing appropriate countermeasures. While legal experts traditionally apply Data Protection Impact Assessments (DPIA), software engineers rely on threat modeling for their assessment. Despite significant differences, both approaches nonetheless revolve around (i) a description of the system and (ii) the identification, assessment and mitigation of specific risks. In practice, however, DPIAs and threat modeling are usually performed in complete isolation, following their own, unharmonized lexicon and abstractions. Such a disconnect lowers the quality of the assessment and of the conceptual and architectural trade-offs. In this paper, we present (i) an overview of the legal and architectural modeling requirements and (ii) incentives and recommendations for aligning both modeling paradigms in order to support data protection by design from both a legal and a technical perspective.

CCS Concepts: • Social and professional topics → Governmental regulations; • Software and its engineering → Architecture description languages; System modeling languages; • Security and privacy → Security requirements; Software security engineering;