Tommaso Crepax scite author profile

To assure certain critical quality properties (e.g., safety, security, or privacy), supervisory authorities and industrial associations provide reference frameworks such as standards or guidelines that in some cases are enforced (e.g., regulations). Given the pace at which both technical advancements and risks appear, there is an increase in the number of reference frameworks. As several frameworks might apply for same systems, certain overlaps appear (e.g., regulations for different countries where the system will operate, or generic standards in conjunction with more concrete standards for a given industrial sector or system type). We propose the use of modelling for alleviating the complexity of these reference frameworks ecosystems, and we provide a tool-supported method to create them for the benefit of different stakeholders. The case study is based on privacy data protection, and more concretely on privacy impact assessment processes. The European GDPR regulates the movement and processing of personal data, and, contrary to available software engineering privacy guidelines, articles in legal texts are usually difficult to translate to the underlying processes, artefacts and roles that they refer to. To facilitate the mutual comprehension of legal experts and engineers, in this work we investigate how mappings can be created between these two domains of expertise. Notably, we rely on modelling as a central point. We modelled the legal requirements of the GDPR on data protection impact assessments, and then, we selected the ISO/IEC 29134, a mainstream engineering guideline for privacy impact assessment, and, taking a concrete sector as example, the EU Smart Grid Data Protection Impact Assessment template. The OpenCert tool was used for providing technical support to both the modelling and the creation of the mapping models in a systematic way. We provide a qualitative evaluation from legal experts and privacy engineering practitioners to report on the benefits and limitations of this approach.

show abstract

Blockchain in the Cloud: A Primer on Data Security for Blockchain as a Service (BaaS)

Crepax¹,

Rao²

2020

SSRN Journal

View full text Add to dashboard Cite

Upgrading the protection of children from manipulative and addictive strategies in online games

Crepax¹,

Mühlberg²

2022

IRIE

View full text Add to dashboard Cite

Despite the increasing awareness from academia, civil society and media to the issue of child manipulation online, the current EU regulatory system fails at providing sufficient levels of protection. Given the universality of the issue, there is a need to combine and further these scattered efforts into a unitary, multidisciplinary theory of digital manipulation that identifies causes and effects, systematizes the technical and legal knowledge on manipulative and addictive tactics, and to find effective regulatory mechanisms to fill the legislative gaps. In this paper we discuss manipulative and exploitative strategies in the context of online games for children, suggest a number of possible reasons for the failure of the applicable regulatory system, propose an “upgrade" for the regulatory approach to address these risks from the perspective of freedom of thought, and present and discuss technological approaches that allow for the development of games that verifiably protect the privacy and freedoms of players.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Tommaso Crepax

Information technologies exposing children to privacy risks: Domains and children-specific technical controls

Modeling ecosystems of reference frameworks for assurance: a case on privacy impact assessment regulation and guidelines

Blockchain in the Cloud: A Primer on Data Security for Blockchain as a Service (BaaS)

Upgrading the protection of children from manipulative and addictive strategies in online games

Contact Info

Product

Resources

About