Authors:
Evangelia Vanezi; Georgia M. Kapitsaki; Dimitrios Kouzapas and Anna Philippou
Affiliation:
Department of Computer Science, University of Cyprus, Nicosia, Cyprus
Keyword(s):
GDPR, Privacy Protection, π-calculus, Static Analysis, Privacy by Design.
Related Ontology Subjects/Areas/Topics:
Formal Methods; Service-Oriented Software Engineering and Management; Simulation and Modeling; Software and Systems Development Methodologies; Software Engineering; Software Engineering Methods and Techniques
Abstract:
Since the adoption of the EU General Data Protection Regulation (GDPR) in May 2018, designing software systems that conform to the GDPR principles has become vital. Modeling languages can be a facilitator for this process, following the principles of model-driven development. In this paper, we present our work on the usage of a π-calculus-based language for modeling and reasoning about the GDPR provisions of 1) lawfulness of processing by providing consent, 2) consent withdrawal, and 3) right to erasure. A static analysis method based on type checking is proposed to validate that a model conforms to associated privacy requirements. This is the first step towards a rigorous Privacy-By-Design methodology for analyzing and validating a software system model against the GDPR. A use case is presented to discuss and illustrate the framework.