A Process for Assisting Privacy-by-Design Software Engineering

International audienceToday, the mine vast troves of personal data contained in applications raises the issue of user privacy. Indeed, privacy is increasingly threatened by the spread of unethical practices by device and service providers. Despite the existence of privacy preservation standards such as the European General Data Protection Regulation (GDPR), effective since 2018, there is no widely adopted architectural solution for modeling and assessing privacy by design (PbD) of personal data, as proposed in the various principles of the GDPR. This article presents PRIvacy Assessment Model (PRIAM), which is an approach composedof a GDPR metamodel tooled with a Domain Specification Language and supports a process to protect personal data. The metamodel can be instantiated by architects and integrated in the design of their system, with minimum additional efforts to ensure compliance

Leveraging a Microservice Architecture, Access Control and Interoperability Patterns to Manage Privacy-related User Consents

Short paperInternational audienceConsent management is of paramount importance when processing personal data. It is now prescribed as mandatory by regulations such as the GDPR. This article presents a micro-service architecture providing a protocol for access control including authentication, authorization management, and externalized consent management based on the ABAC (Attribute-Based Access Control) and the side-car architecture patterns. The experimentation on a case example validates that its integration is light and non intrusive for existing applications

A Process for Assisting Privacy-by-Design Software Engineering

International audienceToday, the mine vast troves of personal data contained in applications raises the issue of user privacy. Indeed, privacy is increasingly threatened by the spread of unethical practices by device and service providers. Despite the existence of privacy preservation standards such as the European General Data Protection Regulation (GDPR), effective since 2018, there is no widely adopted architectural solution for modeling and assessing privacy by design (PbD) of personal data, as proposed in the various principles of the GDPR. This article presents PRIvacy Assessment Model (PRIAM), which is an approach composedof a GDPR metamodel tooled with a Domain Specification Language and supports a process to protect personal data. The metamodel can be instantiated by architects and integrated in the design of their system, with minimum additional efforts to ensure compliance