GDPR (the EU data protection law) is not just a matter for lawyers or managers; quite the contrary, GDPR also concerns the software and systems engineers who create systems, products and services. That's why the PDP4E (Privacy and Data Protection for Engineering) project aims to put engineers in the loop, integrating privacy and data protection into engineering practice by extending existing methods and tools (e.g. Papyrus, OpenCert), currently applied in mainstream engineering work, with features dealing with privacy and data protection. In particular, PDP4E is reusing a set of open source tools (most of them part of the Eclipse ecosystem) and introducing features from state-of-the-art privacy and data protection research, aligning them with mainstream software and systems engineering practice, as shown below.
In particular, we plan to present the developments in tools and methods for privacy and data protection engineering in these disciplines:
- Risk Management (aka Be Proactive, not Reactive) through the MUSA tool: it supports the execution of Privacy and Data Protection Impact Assessments (PIA / DPIA, mandated by GDPR) from an engineering perspective, by analyzing the risks associated with system models and facilitating the integration of legal requirements with the actual technical mitigation actions to be implemented by engineers during the software development process.
- Requirements Engineering (aka Code is Law) through the Papyrus tool: GDPR establishes a set of data protection principles (including e.g. consent as one possible lawfulness basis) that must guide the development of any system; it compels data controllers and processors to abide by a set of legal obligations; and they must honor several rights of the data subjects (including data portability, the right to erasure, etc.). PDP4E provides a method and tools for translating GDPR provisions into actionable technical requirements in systems development projects, relying upon the Papyrus framework, which is leveraged to support non-privacy-savvy engineers during the specification, analysis, and elicitation of GDPR-specific requirements.
- Model-Driven Design (aka Know Thyself) through the Papyrus tool: Privacy and Data Protection should be addressed "by design", that is, from the onset of a project rather than as an afterthought. Appropriate software and system models can be leveraged and enriched with metadata that signals who processes personal data, where, and how. Several model-driven engineering techniques and platforms like Papyrus are leveraged to provide three views at different levels of abstraction: data-oriented, process-oriented, and architecture models, which are consistently developed and enriched so as to provide confidence about the effectiveness of the privacy controls applied, and to implement algorithms and techniques that facilitate the application of data protection strategies. Moreover, the validation and verification of privacy-related properties is addressed, in particular at code level, relying upon the Frama-C platform.
- Software and Systems Assurance (aka Be Good and Look Like) through the OpenCert tool: GDPR establishes the accountability and transparency principles, which entail that organizations show in an accessible and comprehensible way how they are processing personal data, and that they demonstrate they are appropriately implementing all the requirements posed by GDPR. Assurance methods and tools are being used in PDP4E to demonstrate that compliance, through the recording of evidence that demonstrates that the processes determined by GDPR (or by ancillary standards and regulations) have been carried out, and by adding arguments which support that line.
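As an added illustration of what "verification of privacy-related properties at code level" can look like (example code written for this page, not part of the PDP4E toolset or its deliverables): a constructed personal-data record with an erasure routine (the right to erasure named above) and a consent gate, each carrying an ACSL contract of the kind Frama-C checks. The record layout, the ACSL contracts, and the sample values are all assumptions made here.

```c
#include <stddef.h>
#include <string.h>

/* Constructed example record: layout assumed for this illustration. */
typedef struct {
    char name[32];
    char email[64];
    int  consent_given;   /* 1 when the data subject's consent is recorded */
} personal_record;

/* Right-to-erasure helper. The ACSL contract (assumed, for Frama-C WP)
   states the privacy property: every byte of the record is zero afterwards. */
/*@ requires \valid(rec);
    assigns *rec;
    ensures \forall integer i; 0 <= i < sizeof(personal_record) ==>
        ((char *)rec)[i] == 0;
*/
void erase_personal_record(personal_record *rec)
{
    volatile unsigned char *p = (volatile unsigned char *)rec;
    for (size_t i = 0; i < sizeof *rec; i++)
        p[i] = 0;   /* volatile write: the compiler may not drop the wipe */
}

/* Runtime check of the same property: returns 1 iff the record is all zero. */
int record_is_erased(const personal_record *rec)
{
    const unsigned char *p = (const unsigned char *)rec;
    for (size_t i = 0; i < sizeof *rec; i++)
        if (p[i] != 0) return 0;
    return 1;
}

/* Consent gate: a processing step may use the record only when consent,
   the lawfulness basis mentioned in the text, is recorded. */
/*@ requires \valid_read(rec);
    assigns \nothing;
    ensures \result == 0 || \result == 1;
*/
int may_process(const personal_record *rec)
{
    return rec->consent_given == 1;
}

/* Constructed sample input (not real personal data). */
personal_record make_sample_record(void)
{
    personal_record r;
    memset(&r, 0, sizeof r);
    strcpy(r.name, "Jane Doe");
    strcpy(r.email, "jane@example.org");
    r.consent_given = 1;
    return r;
}
```

Running `frama-c -wp` over the file checks the contracts statically; the runtime functions let the same property be asserted in ordinary unit tests.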
The session will focus on presenting the methods being developed in the PDP4E project that address those four disciplines, and on demonstrating the initial version of the PDP4E toolset.
Attendees are expected to acquire knowledge about the rationale, the methods, and the tools for introducing privacy and data protection engineering activities into the development process (see details in "Objective of the Presentation").
Intermediate expertise in MDE is expected (see details in "Attendees prerequisites").