A Process for Assisting Privacy-by-Design Software Engineering

Abstract

International audienceToday, the mine vast troves of personal data contained in applications raises the issue of user privacy. Indeed, privacy is increasingly threatened by the spread of unethical practices by device and service providers. Despite the existence of privacy preservation standards such as the European General Data Protection Regulation (GDPR), effective since 2018, there is no widely adopted architectural solution for modeling and assessing privacy by design (PbD) of personal data, as proposed in the various principles of the GDPR. This article presents PRIvacy Assessment Model (PRIAM), which is an approach composedof a GDPR metamodel tooled with a Domain Specification Language and supports a process to protect personal data. The metamodel can be instantiated by architects and integrated in the design of their system, with minimum additional efforts to ensure compliance