1. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering (PDP4E)
Privacy and Data Protection by Design
Methods and Tools for Privacy and Data Protection by Design
CEA, UPM, Beawre, Trialog
2020/03/10
2. Outline
- Privacy and Data Protection by Design (PDPbD): context and challenges
- Proposed method for PDPbD
- Tool support for the method
  - Personal Data Detector Module
  - Module for Privacy Model-driven Design
  - Module for Code Validation
- Work progress and perspectives
2019/03/10 Privacy and Data Protection by Design PDP4E
3. Context
Design engineers’ ecosystem:
- Several stakeholders and actors
- Variety of needs and objectives
- Solutions for conflicting goals/requirements
Designer’s questions to address:
- Which privacy aspects should be introduced during systems design?
- How can identified concerns be considered at early design steps?
- How can privacy-by-design be effectively realized?
[Figure: actors around the data: Industry, Developers, Individuals, Policy makers, Attackers, Whistleblowers, Engineers, Dark/hidden actors. Image borrowed from https://www.digitalvidya.com/]
4. PDP by Design Method
Main characteristics:
- Combined bottom-up and top-down approaches:
  - From data structures to data and data-flow (process) models
  - Allocation over an architecture model
  - Architecture refinement towards code
- Identification of personal data
- Models improved by privacy-by-design strategies (ISO 27550)
- Validation of properties at code level
5. Tool support for the PDPbD method
PDPbD Framework (figure, reconstructed as a list):
1) Personal Data Detector
  - Data structures → identified personal data, confidence scores
2) Privacy Model-driven Designer
3) Module for Code Validation
  - Target of validation: components, pointers to code, privacy properties
  - Code validation and verification: privacy flaws, code improvement
6. Interactions with other PDP4E tools
Tool support for the PDPbD method
WP5: Risks, Requirements, Assurance
Requirements engineering:
• From GDPR
• As elicited from ProPAn
• Integrating aspects from ISO 29100
Risk analysis:
• Impacted assets
• Countermeasures, PETs
• DFDs ↔ Arch.
Assurance process:
• Reqs. fulfillment
• Targets of validation
• V&V cases/outcomes
Personal Data Detector:
• SQL data
• Scores on SQL data
• Exporting SQL data and scores
Papyrus Data Models:
• Instances of imported SQL data
• Abstract representation of imported SQL data
• Extension of UML class diagrams
Papyrus Process Models:
• Processes involving data
• Associations to abstract representation of data
• Extension of UML Activity diagrams (DFD)
Papyrus Architecture Models:
• Non-automated allocation/mapping to target functional architecture
• Functional architecture: UML Composite Structure diagrams
• Components architecture: UML Composite Structure diagrams
Code Validation:
• Requirements/properties
• Frama-C
• SecureFlow
• Extensions for PDP
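The Personal Data Detector listed above takes SQL data, scores it and exports the scores to the modelling tools. As an added illustration (this is not the PDP4E detector's own code), the following Python script parses simple CREATE TABLE statements, scores each column with constructed name- and type-based heuristics, flags columns above a threshold as personal data and exports the result as CSV. The DDL, the rules, the weights and the threshold are all assumptions of this example.

```python
"""Constructed example of a personal-data detector over SQL table definitions.

The heuristics, weights, sample schema and export format are assumptions made
for this illustration; they are not the PDP4E Personal Data Detector's logic.
"""
import csv
import io
import re

# Constructed sample schema (DDL) used as the detector's input.
SAMPLE_DDL = """
CREATE TABLE customers (
    id INT,
    full_name VARCHAR(120),
    email VARCHAR(255),
    phone VARCHAR(32),
    birth_date DATE,
    postal_code CHAR(5),
    sku VARCHAR(64),
    created_at TIMESTAMP
);
CREATE TABLE orders (
    order_id INT,
    customer_id INT,
    amount DECIMAL(10,2),
    ip_address VARCHAR(45)
);
"""

# Name-based indicators (assumed): regex over the column name, score, category.
NAME_RULES = [
    (r"e?mail", 0.9, "contact"),
    (r"phone|mobile|tel", 0.8, "contact"),
    (r"(first|last|full|sur)?_?name", 0.7, "identity"),
    (r"birth|dob", 0.8, "identity"),
    (r"ip_?addr", 0.7, "online identifier"),
    (r"postal|zip", 0.5, "location"),
    (r"customer_id|user_id", 0.3, "pseudonymous identifier"),
]
# Type-based adjustment (assumed): free-text columns more often carry personal data.
TYPE_BONUS = {"VARCHAR": 0.1, "CHAR": 0.05, "TEXT": 0.1, "DATE": 0.05}

TABLE_RE = re.compile(r"CREATE TABLE\s+(\w+)\s*\((.*?)\)\s*;", re.S | re.I)
# Split column definitions on commas that are not inside a type's parentheses.
COLUMN_SPLIT_RE = re.compile(r",(?![^()]*\))")


def parse_ddl(ddl):
    """Yield (table, column, sql_type) triples from simple CREATE TABLE statements."""
    for table, body in TABLE_RE.findall(ddl):
        for definition in COLUMN_SPLIT_RE.split(body):
            parts = definition.split()
            if len(parts) >= 2:
                yield table, parts[0], parts[1].split("(")[0].upper()


def score_column(column, sql_type):
    """Return (score, category) for one column; the strongest name rule wins."""
    best, category = 0.0, "none"
    for pattern, weight, cat in NAME_RULES:
        if re.search(pattern, column, re.I) and weight > best:
            best, category = weight, cat
    if best > 0:
        best = min(1.0, best + TYPE_BONUS.get(sql_type, 0.0))
    return round(best, 2), category


def detect(ddl, threshold=0.5):
    """Score every column; those at or above the threshold are flagged as personal data."""
    results = []
    for table, column, sql_type in parse_ddl(ddl):
        score, category = score_column(column, sql_type)
        results.append({
            "table": table, "column": column, "type": sql_type,
            "score": score, "category": category, "personal": score >= threshold,
        })
    return results


def export_csv(results):
    """Export the scored columns as CSV text, the hand-over to the data modeller."""
    buf = io.StringIO()
    writer = csv.DictWriter(
        buf, fieldnames=["table", "column", "type", "score", "category", "personal"])
    writer.writeheader()
    writer.writerows(results)
    return buf.getvalue()


if __name__ == "__main__":
    print(export_csv(detect(SAMPLE_DDL)))
```

A column that scores low (here `customer_id` at 0.3) is still a pseudonymous identifier under the GDPR; the threshold only decides what is flagged automatically, so the exported scores, not just the flag, should reach the designer who decides what the data model treats as personal.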
9. Personal data detector
[Figure: Personal data detector; Privacy and Data Protection Model-driven Design; Code validation and verification, Code improvement; surrounding PDP4E tools: Risk Management, Requirements Engineering, Systems Assurance; exchanged artefacts: System (Asset) models, Evidences (traceability, V&V…), Privacy Controls, Requirements (GDPR, ISO 29100)]
10. Privacy and Data Protection Model-driven Design Usage
Process models:
1) Choose design strategy to fulfill goals/requirements
2) Design/enrich system process models
3) Apply strategy (e.g., inform, control, enforce, demonstrate)
Data models:
1) Choose design strategy to fulfill goals/requirements
2) Design/enrich system data models
3) Apply strategy (e.g., minimize, separate, abstract, hide)
11. Privacy and Data Protection Model-driven Design
Implementation (excerpt of Art. 7 shown):
1) GDPR metamodel
2) Profile: PDPbD Framework DSML
3) Privacy mechanisms
  - GDPR libraries (patterns)
  - PDP techniques
4) Front-end customization
  - GUI, explorer filters
  - Menus, palettes
12. Privacy and Data Protection Model-driven Design
Data-oriented model:
- Abstract data
- Structured data
- User-defined data types
- Predefined types: Table, DataLink, OpaqueData
- Table import
Data-oriented strategies: Minimize, Separate, Abstract, Hide
13. Privacy and Data Protection Model-driven Design
Data-oriented strategies (ISO 27550 – Privacy Engineering)
14. Privacy and Data Protection Model-driven Design
Built-in techniques: k-anonymity
- Quasi-identifiers
- Models are associated to strategies
- Implemented strategies help to improve models
- Conformity with privacy principles
15. Privacy and Data Protection Model-driven Design
Built-in techniques: k-anonymity
[Figure: 2-anonymized table]
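Slides 14 and 15 present the built-in k-anonymity technique over quasi-identifiers, ending in a 2-anonymized table. The following Python example is added here and is not the PDP4E implementation: it generalizes the quasi-identifiers of a constructed table (the "abstract" strategy), drops the direct identifier (the "minimize" strategy) and checks whether every equivalence class of quasi-identifier values contains at least k rows. The records, column names, and generalization rules (zip prefix, 10-year age buckets) are assumptions of this example.

```python
"""Constructed demonstration of k-anonymity over quasi-identifiers.

The table, column names and generalization rules are assumptions made for
this example; they are not the PDP4E data model or its built-in technique.
"""
from collections import Counter

# Constructed sample records: 'name' is a direct identifier (dropped before
# release), 'zip' and 'age' are quasi-identifiers, 'diagnosis' is the
# sensitive attribute that must not be linkable to a person.
RECORDS = [
    {"name": "Alice", "zip": "75011", "age": 34, "diagnosis": "flu"},
    {"name": "Bob",   "zip": "75012", "age": 37, "diagnosis": "asthma"},
    {"name": "Carol", "zip": "69001", "age": 52, "diagnosis": "diabetes"},
    {"name": "Dan",   "zip": "69003", "age": 58, "diagnosis": "flu"},
    {"name": "Eve",   "zip": "75015", "age": 31, "diagnosis": "asthma"},
    {"name": "Frank", "zip": "69007", "age": 55, "diagnosis": "flu"},
]
QUASI_IDENTIFIERS = ("zip", "age")


def equivalence_classes(rows, quasi_identifiers):
    """Count how many rows share each combination of quasi-identifier values."""
    return Counter(tuple(row[q] for q in quasi_identifiers) for row in rows)


def is_k_anonymous(rows, quasi_identifiers, k):
    """True if every combination of quasi-identifier values occurs at least k times."""
    classes = equivalence_classes(rows, quasi_identifiers)
    return bool(classes) and min(classes.values()) >= k


def generalize(rows, zip_prefix_len=2, age_bucket=10):
    """Coarsen the quasi-identifiers ('abstract') and drop the direct
    identifier ('minimize'); the sensitive attribute is kept as is."""
    released = []
    for row in rows:
        low = (row["age"] // age_bucket) * age_bucket
        masked_zip = row["zip"][:zip_prefix_len] + "*" * (len(row["zip"]) - zip_prefix_len)
        released.append({
            "zip": masked_zip,
            "age": f"{low}-{low + age_bucket - 1}",
            "diagnosis": row["diagnosis"],
        })
    return released


def anonymize(rows, quasi_identifiers, k=2):
    """Return a generalized table that satisfies k-anonymity, or raise when the
    chosen generalization is too fine (suppression or coarser buckets would be
    the next step)."""
    released = generalize(rows)
    if not is_k_anonymous(released, quasi_identifiers, k):
        raise ValueError(f"generalization does not reach {k}-anonymity")
    return released


if __name__ == "__main__":
    for row in anonymize(RECORDS, QUASI_IDENTIFIERS, 2):
        print(row)
```

The check is deliberately separate from the generalization so that a model tool can re-run it after every strategy application. Note that k-anonymity alone does not protect a class whose sensitive values are all identical (here the "69***, 50-59" class still has two "flu" rows out of three), which is why the technique is normally combined with diversity requirements on the sensitive attribute.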
16. Privacy and Data Protection Model-driven Design
Process-oriented model:
- DFD implementation: external entities, data stores, processes, directed data flows
- DFD refinement: DFD-L0 to DFD-L1
- Process-oriented strategies: Inform, Control, Enforce, Demonstrate
[Figure: Level 0 DFD, Level 1 DFD, strategies dialog]
17. Privacy and Data Protection Model-driven Design
Implementation of a Data Flow Diagram (DFD):
- Process
- External entities
- Data store
- Data flow edges
- Input/output pins
18. Privacy and Data Protection Model-driven Design
Process-oriented strategies (ISO 27550 – Privacy Engineering)
19. Privacy and Data Protection Model-driven Design
Built-in technique: Consent Pattern
- The pattern introduces GDPR consent notions
- The pattern is applied on a target DFD model
- Instantiation guidance for the user
Conditions for consent (GDPR, Art. 7): "Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data."
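To make the DFD elements of slides 16 and 17 and the consent pattern of slide 19 concrete, the following Python model is added here; it is not the Papyrus profile or the project's pattern library. It represents external entities, processes and data stores joined by directed flows, checks DFD well-formedness, reports a consent-based process that receives personal data without being able to demonstrate consent, and instantiates a consent pattern on the target process so the finding disappears. The element kinds, the `legal_basis` attribute, the `ConsentRecords` store name and the sample diagram are assumptions of this example.

```python
"""Constructed DFD model with a consent check, added as an illustration.

The element kinds, the 'legal_basis' attribute, the consent-store convention
and the sample diagram are assumptions of this example, not the PDP4E profile.
"""
from dataclasses import dataclass, field


@dataclass
class Element:
    name: str
    kind: str               # "external", "process" or "store"
    legal_basis: str = ""   # processes only, e.g. "consent" (assumed attribute)


@dataclass
class Flow:
    src: str
    dst: str
    data: tuple             # data items carried on this edge
    personal: bool = False  # set by the designer, or from detector scores


@dataclass
class DFD:
    elements: dict = field(default_factory=dict)
    flows: list = field(default_factory=list)

    def add(self, *elems):
        for e in elems:
            self.elements[e.name] = e
        return self

    def connect(self, src, dst, data, personal=False):
        self.flows.append(Flow(src, dst, tuple(data), personal))
        return self

    def inflows(self, name):
        return [f for f in self.flows if f.dst == name]


def structural_errors(dfd):
    """DFD well-formedness: every edge joins known elements, and externals and
    stores never exchange data directly (a process must sit in between)."""
    errors = []
    for f in dfd.flows:
        if f.src not in dfd.elements or f.dst not in dfd.elements:
            errors.append(f"flow {f.src}->{f.dst} references an unknown element")
            continue
        kinds = {dfd.elements[f.src].kind, dfd.elements[f.dst].kind}
        if "process" not in kinds:
            errors.append(f"flow {f.src}->{f.dst} has no process endpoint")
    return errors


def consent_findings(dfd, consent_store="ConsentRecords"):
    """A process relying on consent that receives personal data must read the
    consent record, otherwise the controller cannot demonstrate consent."""
    findings = []
    for e in dfd.elements.values():
        if e.kind != "process" or e.legal_basis != "consent":
            continue
        inflows = dfd.inflows(e.name)
        if any(f.personal for f in inflows) and not any(f.src == consent_store for f in inflows):
            findings.append(f"{e.name}: processes personal data on consent but cannot demonstrate it")
    return findings


def apply_consent_pattern(dfd, process, subject, consent_store="ConsentRecords"):
    """Instantiate the consent pattern on a target process: the data subject
    gives a consent decision to a collection process, the decision is stored,
    and the target process reads the stored record before processing."""
    dfd.add(Element("Obtain consent", "process"), Element(consent_store, "store"))
    dfd.connect(subject, "Obtain consent", ("consent decision",), personal=True)
    dfd.connect("Obtain consent", consent_store, ("consent record",), personal=True)
    dfd.connect(consent_store, process, ("consent record",), personal=True)
    return dfd


def build_sample():
    """Constructed level-0 diagram: customer data is profiled on the basis of consent."""
    dfd = DFD()
    dfd.add(Element("Customer", "external"),
            Element("Profile customers", "process", "consent"),
            Element("CustomerDB", "store"))
    dfd.connect("Customer", "Profile customers", ("email", "purchases"), personal=True)
    dfd.connect("Profile customers", "CustomerDB", ("profile",), personal=True)
    return dfd


if __name__ == "__main__":
    model = build_sample()
    print("before:", consent_findings(model))
    apply_consent_pattern(model, "Profile customers", "Customer")
    print("after:", consent_findings(model))
```

Running the checks again after the pattern is applied is what turns the pattern into evidence: the consent record flow into the target process is the model-level artefact that the assurance process can point to for the "demonstrate" strategy.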
20. Privacy and Data Protection Model-driven Design
Built-in technique: Consent Pattern instantiation (detailed view)
21. Privacy and Data Protection Model-driven Design
Architecture model:
- Components supporting (functional) processes and tasks
- Detailed view of components: vulnerabilities, privacy measures (PETs), technology, subcomponents, ports, connectors
22. Privacy and Data Protection Model-driven Design
Built-in technique: Process-to-Architecture Allocation
- Generate functional architecture aligned to DFD
- Manually explore allocation: Process/Tasks → Component/subcomponent
- Reference to external artefacts, e.g., code
24. Current status and perspectives
Deliverables available at https://pdp4e-project.eu:
- Task 5.1: D5.4 Specification of the method for Privacy and Data Protection by Design (M14)
- Task 5.2: D5.1, D5.2 Specification of PDPbD Framework (M14, M18)
- Task 5.3: D5.6 First release of the PDPbD Framework (M18)
Perspectives:
- Framework validation through Smart Grid case study
- Consolidation of the PDPbD Framework
- Dissemination and exploitation through publications and meetups
25. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering
For more information, visit: www.pdp4e-project.org
Thank you for your attention. Questions?
WP Leader: CEA
gabriel.pedroza@cea.fr