Publications

2018

Methods and Tools for GDPR Compliance Through Privacy and Data Protection Engineering

April 2018. Yod-Samuel Martin, Antonio Kung

In this position paper we posit that, for Privacy by Design to be viable, engineers must be effectively involved and endowed with methodological and technological tools closer to their mindset, and which integrate within software and systems engineering methods and tools, realizing in fact the definition of Privacy Engineering. This position will be applied in the soon-to-start PDP4E project, where privacy will be introduced into existent general-purpose software engineering tools and methods, dealing with risk management, requirements engineering, model-driven design, and software/systems assurance.

Agile risk management for multi-cloud software development

December 2018. Victor Muntés-Mulero, Oscar Ripollés, Smrati Gupta, Jacek Dominiak, Eric Willeke, Peter Matthews, Balázs Somosköi

Industry in all sectors is experiencing a profound digital transformation that puts software at the core of their businesses. To react to continuously changing user requirements and dynamic markets, companies need to build robust workflows that allow them to increase their agility in order to remain competitive. This increasingly rapid transformation, especially in domains such as Internet of Things or cloud computing, poses significant challenges to guarantee high-quality software, since dynamism and agile short-term planning reduce the ability to detect and manage risks. In this study, the authors describe the main challenges related to managing risk in agile software development, building on the experience of more than 20 agile coaches operating continuously for 15 years with hundreds of teams in industries in all sectors. They also propose a framework to manage risks that considers those challenges and supports collaboration, agility, and continuous development. An implementation of that framework is then described in a tool that handles risks and mitigation actions associated with the development of multi-cloud applications. The methodology and the tool have been validated by a team of evaluators that were asked to consider its use in developing an urban smart mobility service and an airline flight scheduling system.

2019

Smart Grid Challenges through the lens of the European General Data Protection Regulation

August 2019. Jabier Martinez, Alejandra Ruiz, Javier Puelles, Ibon Arechalde, Yuliya Miadzvetskaya

The European General Data Protection Regulation (GDPR) was conceived to protect the privacy of individual citizens and manage the movement of personal data. The Smart Grid has the same needs as any privacy-critical system and, compared to the engineering of other architectures, has the peculiarity of being the source of the energy consumption data, which is an indirect means to infer other personal information with potential professional or commercial value. This work looks at the Smart Grid from the perspective of the GDPR, which is especially relevant now given the current growth and diversification of the Smart Grid ecosystem. We contribute a review of existing works showing the importance of energy consumption as valuable personal data, an analysis of the established Smart Grid Architecture Model regarding GDPR compliance, and a list of technical and legal challenges where we can highlight the challenge of managing the data processing by third parties.

Model-driven Evidence-based Privacy Risk Control in Trustworthy Smart IoT Systems

September 2019. Victor Muntés-Mulero, Jacek Dominiak, Elena González, David Sanchez-Charles

Preventing privacy-related risks in the creation of Trustworthy Smart IoT Systems (TSIS) will be essential, not only because of the growing amount of regulations that impose strict mechanisms to control risks and quality, but also to effectively mitigate the effect of potential threats exploiting vulnerabilities that may jeopardize privacy. While privacy-related risks usually consider assets represented by elements of the functional description of a TSIS, most monitoring efforts are focused on monitoring security aspects related to the system architecture components, and it is not straightforward to link the evidence collected through these monitoring systems to functional description elements, making it difficult to use this information for privacy-related risk management. In this paper, we propose a methodology for continuous risk management and a model for risks to increase trustworthiness in IoT systems by enabling continuous monitoring of privacy-related risks. Our approach is based on connecting our risk model with a modelling language to describe IoT architectures, such as that proposed in GeneSIS, and Data Flow Diagrams (DFD). With the combination of architecture (technical description) and data flow models (functional description), we enable continuous risk management using monitoring to improve risk assessment related to data protection issues, as required by GDPR.

Smart Grid Challenges through the Lens of the European General Data Protection Regulation

December 2019. Jabier Martínez, Alejandra Ruiz, Javier Puelles, Ibon Arechalde, Yulia Miadzvetskaya

The European General Data Protection Regulation (GDPR) was conceived to protect the privacy of individual citizens and manage the movement of personal data. The Smart Grid has the same needs as any privacy-critical system and, compared to the engineering of other architectures, has the peculiarity of being the source of the energy consumption data, which is an indirect means to infer other personal information with potential professional or commercial value. This work looks at the Smart Grid from the perspective of the GDPR, which is especially relevant now given the current growth and diversification of the Smart Grid ecosystem. We contribute a review of existing works showing the importance of energy consumption as valuable personal data, an analysis of the established Smart Grid Architecture Model regarding GDPR compliance, and a list of technical and legal challenges where we can highlight the challenge of managing the data processing by third parties.

2020

Enabling Continuous Privacy Risk Management in IoT Systems

January 2020. Victor Muntés-Mulero, Jacek Dominiak, Elena González, David Sanchez-Charles

The next-generation IoT systems need to perform distributed processing and coordinated behavior across IoT, edge, and cloud infrastructures; manage the closed loop from sensing to actuation; and cope with vast heterogeneity, scalability, and dynamicity of IoT systems and their environments (Ferry et al., 2018). To unleash the full potential of IoT, it is essential to facilitate the creation and operation of trustworthy Smart IoT Systems or, for short, TSIS. TSIS typically operate in changing and often unpredictable environments. Thus, the ability of these systems to continuously evolve and adapt to their new environment is essential to ensure and increase their trustworthiness, quality, and user experience. Besides, by 2021, the number of “connected things” will grow to 25 billion, according to Gartner. Thus, processes that were formerly run by humans will be automated, making it much more difficult to control data ownership, privacy, and regulatory compliance.

Preventative Nudges: Introducing Risk Cues for Supporting Online Self-Disclosure Decisions

August 2020. Nicolás E. Díaz Ferreyra, Tobias Kroll, Esma Aïmeur, Stefan Stieglitz, Maritta Heisel

Like in the real world, perceptions of risk can influence the behavior and decisions that people make in online platforms. Users of Social Network Sites (SNSs) like Facebook make continuous decisions about their privacy since these are spaces designed to share private information with large and diverse audiences. In particular, deciding whether or not to disclose such information will depend largely on each individual’s ability to assess the corresponding privacy risks. However, SNSs often lack awareness instruments that inform users about the consequences of unrestrained self-disclosure practices. Such an absence of risk information can lead to poor assessments and, consequently, undermine users’ privacy behavior. This work elaborates on the use of risk scenarios as a strategy for promoting safer privacy decisions in SNSs. In particular, we investigate, through an online survey, the effects of communicating those risks associated with online self-disclosure. Furthermore, we analyze the users’ perceived severity of privacy threats and its importance for the definition of personalized risk awareness mechanisms. Based on our findings, we introduce the design of preventative nudges as an approach for providing individual privacy support and guidance in SNSs.

PDP-ReqLite: A Lightweight Approach for the Elicitation of Privacy and Data Protection Requirements

December 2020. Nicolás E. Díaz Ferreyra, Patrick Tessier, Gabriel Pedroza, Maritta Heisel

With the introduction of the EU General Data Protection Regulation (GDPR), concerns about compliance started to arise among software companies inside and outside Europe. In order to achieve high compliance, software developers must consider those privacy and data protection goals defined across the different legal provisions in the GDPR. Prior work has introduced methods to systematically extract taxonomies of privacy requirements out of the GDPR’s legal provisions, that is, a hierarchy of meta-requirements that can be instantiated for each specific software project. Particularly, ProPAn is a requirements elicitation method which leverages such taxonomies with the aim of achieving high levels of compliance. However, despite its benefits, the method presents a high documentation overhead and redundancy across the artifacts it generates. In this work, we introduce a lightweight method named PDP-ReqLite, initially inspired by ProPAn, that introduces new artifacts for the documentation of personal data and information flows in a system-to-be. The purpose of PDP-ReqLite is to improve usability and applicability by reducing documentation overhead and complexity, and by introducing means to automate tasks, e.g., automated requirements elicitation. In particular, this improved method provides additional features for incorporating new meta-requirements, thus enlarging existing taxonomies.

Persuasion Meets AI: Ethical Considerations for the Design of Social Engineering Countermeasures

December 2020. Nicolás E. Díaz Ferreyra, Esma Aïmeur, Hicham Hage, Maritta Heisel and Catherine Van Hoogstraten

Privacy in Social Network Sites (SNSs) like Facebook or Instagram is closely related to people’s self-disclosure decisions and their ability to foresee the consequences of sharing personal information with large and diverse audiences. Nonetheless, online privacy decisions are often based on spurious risk judgements that make people liable to reveal sensitive data to untrusted recipients and become victims of social engineering attacks. Artificial Intelligence (AI) in combination with persuasive mechanisms like nudging is a promising approach for promoting preventative privacy behaviour among the users of SNSs. Nevertheless, combining behavioural interventions with high levels of personalization can be a potential threat to people’s agency and autonomy even when applied to the design of social engineering countermeasures. This paper elaborates on the ethical challenges that nudging mechanisms can introduce to the development of AI-based countermeasures, particularly to those addressing.

Protecting Citizens’ Personal Data and Privacy: Joint Effort from GDPR EU Cluster Research Projects

June 2020. Renata M. de Carvalho, Camillo Del Prete, Yod Samuel Martin, Rosa M. Araujo Rivero, Melek Önen, Francesco Paolo Schiavo, Ángel Cuevas Rumín, Haralambos Mouratidis, Juan C. Yelmo & Maria N. Koukovini

Confidence in information and communication technology services and systems is crucial for the digital society which we live in, but this confidence is not possible without privacy-enhancing tools and technologies, nor without risk management frameworks that guarantee privacy, data protection, and secure digital identities. This paper provides information on ongoing and recent developments in this area in the European Union (EU) space. We start by providing an overview of the EU’s General Data Protection Regulation (GDPR) and proceed by identifying challenges concerning GDPR implementation, either technical or organizational. For this, we consider the work currently being done by a set of EU projects on the H2020 DS-08-2017 topic, namely BPR4GDPR, DEFeND, SMOOTH, PDP4E, PAPAYA and PoSeID-on, which address and aim at providing specific, operational solutions for the identified challenges. We briefly present these solutions and discuss the ways in which the projects cooperate and complement each other. Finally, we identify guidelines for further research.