Abstract
The notion of processing purpose, as set out in the EU General Data Protection Regulation (GDPR), comprises a crucial part of a software system’s privacy policy. Processing purposes are meant to characterize the usage of personal data within a system. In this work, we propose a formal type language for defining purposes as the communication exchanges between a system’s entities, based on session types enhanced with privacy notions. In order to provide software engineers with the means to easily define processing purposes, we encode the formal language syntax to a UML-based domain model and we present DiálogoP, a tool that supports the graphical model definition and subsequently translates it into formal language definitions.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
- 2.
Full-size figures can be found at http://www.cs.ucy.ac.cy/seit/dialogop/.
- 3.
Iconset source: https://www.iconfinder.com/iconsets/message-and-communication-sets, under Creative Commons License Attribution 3.0 Unported (CC BY 3.0).
References
Caramujo, J., da Silva, A.R., Monfared, S., Ribeiro, A., Calado, P., Breaux, T.: RSL-IL4Privacy: a domain-specific language for the rigorous specification of privacy policies. Requir. Eng. 24(1), 1–26 (2019). https://doi.org/10.1007/s00766-018-0305-2
European Parliament and Council of the European Union: General data protection regulation (2015). Official Journal of the European Union
Honda, K., Vasconcelos, V.T., Kubo, M.: Language primitives and type discipline for structured communication-based programming. In: Hankin, C. (ed.) ESOP 1998. LNCS, vol. 1381, pp. 122–138. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0053567
Honda, K., Yoshida, N., Carbone, M.: Multiparty asynchronous session types. In: ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 273–284 (2008)
Ingolfo, S., Siena, A., Mylopoulos, J.: Nómos 3: reasoning about regulatory compliance of requirements. In: IEEE Requirements Engineering Conference, pp. 313–314. IEEE (2014)
Kouzapas, D., Philippou, A.: Privacy by typing in the \(\pi \)-calculus. Logical Methods Comput. Sci. 13(4), 1–42 (2017)
Mougiakou, E., Virvou, M.: Based on GDPR privacy in UML: case of e-learning program. In: International Conference on Information, Intelligence, Systems & Applications, pp. 1–8. IEEE (2017)
Ribeiro, A., da Silva, A.R.: RSLingo4Privacy studio-a tool to improve the specification and analysis of privacy policies. In: ICEIS, vol. 2, pp. 52–63 (2017)
Pardo, R., Colombo, C., Pace, G.J., Schneider, G.: An automata-based approach to evolving privacy policies for social networks. In: Falcone, Y., Sánchez, C. (eds.) RV 2016. LNCS, vol. 10012, pp. 285–301. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46982-9_18
Takeuchi, K., Honda, K., Kubo, M.: An interaction-based language and its typing system. In: Halatsis, C., Maritsas, D., Philokyprou, G., Theodoridis, S. (eds.) PARLE 1994. LNCS, vol. 817, pp. 398–413. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-58184-7_118
Torre, D., Soltana, G., Sabetzadeh, M., Briand, L.C., Auffinger, Y., Goes, P.: Using models to enable compliance checking against the GDPR: an experience report. In: 2019 ACM/IEEE International Conference on Model Driven Engineering Languages and Systems, pp. 1–11. IEEE (2019)
Zeni, N., Kiyavitskaya, N., Mich, L., Cordy, J.R., Mylopoulos, J.: GaiusT: supporting the extraction of rights and obligations for regulatory compliance. Requir. Eng. 20(1), 1–22 (2015). https://doi.org/10.1007/s00766-013-0181-8
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Vanezi, E., Kapitsaki, G.M., Kouzapas, D., Philippou, A., Papadopoulos, G.A. (2020). DiálogoP - A Language and a Graphical Tool for Formally Defining GDPR Purposes. In: Dalpiaz, F., Zdravkovic, J., Loucopoulos, P. (eds) Research Challenges in Information Science. RCIS 2020. Lecture Notes in Business Information Processing, vol 385. Springer, Cham. https://doi.org/10.1007/978-3-030-50316-1_40
Download citation
DOI: https://doi.org/10.1007/978-3-030-50316-1_40
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-50315-4
Online ISBN: 978-3-030-50316-1
eBook Packages: Computer ScienceComputer Science (R0)