PDP-ReqLite : A Lightweight Approach for the Elicitation of Privacy and Data Protection Requirements
| Autor: | Patrick Tessier, Maritta Heisel, Nicolás Emilio Díaz Ferreyra, Gabriel Pedroza |
|---|---|
| Přispěvatelé: | Universität Duisburg-Essen [Essen], Laboratoire d'Intégration des Systèmes et des Technologies (LIST), Direction de Recherche Technologique (CEA) (DRT (CEA)), Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Commissariat à l'énergie atomique et aux énergies alternatives (CEA), European Project: 787034,PDP4E, Universität Duisburg-Essen = University of Duisburg-Essen [Essen], Laboratoire d'Intégration des Systèmes et des Technologies (LIST (CEA)) |
| Jazyk: | angličtina |
| Rok vydání: | 2020 |
| Předmět: |
data protection
privacy requirements engineering business.industry Computer science 020207 software engineering Usability 02 engineering and technology Requirements elicitation [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE] [INFO.INFO-IA]Computer Science [cs]/Computer Aided Engineering [INFO.INFO-MO]Computer Science [cs]/Modeling and Simulation Informatik Documentation Software General Data Protection Regulation 0202 electrical engineering electronic engineering information engineering Redundancy (engineering) Data Protection Act 1998 Overhead (computing) 020201 artificial intelligence & image processing GDPR business Software engineering |
| Zdroj: | Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM 2020, CBT 2020. Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM 2020, CBT 2020., pp.161-177, 2020, 978-3-030-66172-4. ⟨10.1007/978-3-030-66172-4_10⟩ Data Privacy Management, Cryptocurrencies and Blockchain Technology-ESORICS 2020 International Workshops, DPM 2020 and CBT 2020, Guildford, UK, September 17–18, 2020, Revised Selected Papers Lecture Notes in Computer Science Lecture Notes in Computer Science-Data Privacy Management, Cryptocurrencies and Blockchain Technology Lecture Notes in Computer Science ISBN: 9783030661717 DPM/CBT@ESORICS |
| ISSN: | 0302-9743 1611-3349 |
| DOI: | 10.1007/978-3-030-66172-4_10⟩ |
| Popis: | ESORICS 2020 International Workshops, DPM 2020 and CBT 2020, Guildford, UK, September 17–18, 2020, Revised Selected Paper; International audience; With the introduction of the EU General Data Protection Regulation (GDPR), concerns about compliance started to arise among software companies inside and outside Europe. In order to achieve high compliance, software developers must consider those privacy and data protection goals defined across the different legal provisions in the GDPR. Prior work has introduced methods to systematically extract taxonomies of privacy requirements out of the GDPR's legal provisions. That is, a hierarchy of meta-requirements that can be instantiated for each specific software project. Particularly, ProPAn is a requirements elicitation method which leverages such taxonomies with the aim of achieving high levels of compliance. However, despite of its benefits, the method presents a high documentation overhead and redundancy across the artifacts it generates. In this work, we introduce a lightweight method named PDP-ReqLite initially inspired from ProPAn that introduces new artifacts for the documentation of personal data and information flows in a system-to-be. The purpose of PDP-ReqLite is to improve usability and applicability by reducing documentation overhead and complexity, and by introducing means to automate tasks, e.g., automated requirements elicitation. In particular, this improved method provides additional features for incorporating new meta-requirements thus enlarging existing taxonomies. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|