Towards an Enforceable GDPR Specification
CoRR(2024)
摘要
While Privacy by Design (PbD) is prescribed by modern privacy regulations
such as the EU's GDPR, achieving PbD in real software systems is a notoriously
difficult task. One emerging technique to realize PbD is Runtime enforcement
(RE), in which an enforcer, loaded with a specification of a system's privacy
requirements, observes the actions performed by the system and instructs it to
perform actions that will ensure compliance with these requirements at all
times. To be able to use RE techniques for PbD, privacy regulations first need
to be translated into an enforceable specification. In this paper, we report on
our ongoing work in formalizing the GDPR. We first present a set of
requirements and an iterative methodology for creating enforceable formal
specifications of legal provisions. Then, we report on a preliminary case study
in which we used our methodology to derive an enforceable specification of part
of the GDPR. Our case study suggests that our methodology can be effectively
used to develop accurate enforceable specifications.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要