Design For Accessibility: Getting it right from the start
Granular or holistic approaches 210126 Alejandra Ruiz
1. Methods and Tools for GDPR Compliance through
Privacy and Data
Protection 4 Engineering
Granular or Holistic Approach?
Enforcing Privacy Rights in
Complex ICT Ecosystems
25 January 2021 - CPDP 2021 https://www.pdp4e-project.eu/ Slide 1
Dr. Alejandra Ruiz, Tecnalia
2. Question 3 on the way forward
❑How can this work?
❑Do we need a roadmap?
❑Can we have a community?
25 January 2021 - CPDP 2021 https://www.pdp4e-project.eu/ Slide 2
Community
Models for application
privacy protection
Health
Social
network
e-Commerce Fintech IoT …
Models for privacy
engineering
Risk
management
Requirement
engineering
Privacy-by-
design
Privacy
assurance
…
4. Model engineering
and Model-driven engineering
25 January 2021 - CPDP 2021
Model engineering
constructing proportionally-scaled
miniature working
representations
of full-sized machines
Model driven engineering
expressing specifications
through processable models.
Diagram orientation
(e.g. UML diagrams)
Slide 4
https://www.pdp4e-project.eu/
5. Why models for application privacy
protection?
❑When models are defined properly
❑They explain in a non ambiguous way privacy protection capabilities
❑They are easier to understand by non technical stakeholders
❑They can focus on organisational measures (not possible with source code)
❑They can be reused
❑They can be used for privacy compliance check
❑They can benefit from wider expertise scrutiny
25 January 2021 - CPDP 2021 https://www.pdp4e-project.eu/ Slide 5
6. Privacy-by-Model Community
❑Open repository of models
❑for application privacy
protection
❑for privacy engineering
❑Models are developed by
❑Application privacy
protection projects
❑Privacy engineering projects
❑Repository and models are
managed by
❑Privacy-by-model
community
25 January 2021 - CPDP 2021 Promotion of PDP4E - Alliance Slide 6
Privacy-by-
model
community
Repository of models
Models for
application
privacy
protection
Application
Privacy
Protection
projects
Models for
privacy
engineering
Privacy
Engineering
projects
Development of models
Project level Community level
7. Application privacy protection projects
❑They focus on providing a privacy
protection model
❑Project are independent and domain
specific
❑Own governance
❑Own members
❑Projects can compete
❑Two different privacy protection models for
the same application
❑Projects can provide variants
❑Model that is GDPR compliant
❑Model that follows a given standard
▪ ISO 31700 Privacy-by-design for consumer
goods and services
❑Examples
❑Consumer projects
▪ Contact tracing
▪ Social network
▪ Smart city sharing (car, bike, scooter)
▪ eCommerce (click and collect)
▪ Navigation systems
❑IoT projects
▪ Connected vehicles
▪ Smart energy
▪ Smart home
▪ Assisted living and healthcare
▪ Smart city surveillance
❑Data space projects
▪ Marketing analysis
▪ Personal data ecosystem
25 January 2021 - CPDP 2021 https://www.pdp4e-project.eu/ Slide 7
8. Privacy engineering projects
❑They focus on privacy
engineering practices
❑Projects are independent
❑Own governance
❑Own members
❑Engineering projects can
compete
❑For instance, two different tools
based on different standards
❑Examples
❑Privacy threat analysis practice
❑Privacy-by-design practice
❑Privacy assurance practice
25 January 2021 - CPDP 2021 Promotion of PDP4E - Alliance Slide 8
10. Roadmap
25 January 2021 - CPDP 2021 Promotion of PDP4E - Alliance Slide 10
TF1: Towards
operational
governance
TF2: Towards
operational
privacy-by-model
processes
TF3: Towards initial
projects
Operational
Community
Governance
Operational
Privacy-by-model
processes
Operational
Application
protection project 1
Operational
privacy engineering
project 1
11. Task force 1: Towards operational
governance
❑Participants
❑Competence need
▪ community management
▪ business model (how many projects will be
needed, what are the membership fees)
▪ Communication
❑Work
❑Connects open models to open source
implementation
❑Connects to existing pattern repositories
❑Prepare statutes
❑Analyse growth objectives
❑Outcome
❑Board structure
❑Statutes
25 January 2021 - CPDP 2021 Promotion of PDP4E - Alliance Slide 11
Operational
Community
Governance
12. Task force 2: Towards operational
privacy-by-model processes
❑Participants
❑Competence need: privacy use case,
modelling
❑Work
❑Define a model template with generic
content
❑Define a model validation scheme
❑Provide guide with a toy example
❑Prepare for standardisation of model
❑Outcome
❑Privacy-by-model process guidance
❑Model template (see next slide)
25 January 2021 - CPDP 2021 Promotion of PDP4E - Alliance Slide 12
Operational
Privacy-by-model
processes
13. Task force 3: Towards initial projects
❑Participants privacy engineering
❑Competence need: PDP4E tools
❑Participants application privacy
protection
❑Competence need: C-ITS privacy
protection
❑Work
❑Prepare exploitation of PDP4E tools
❑Prepare a model for C-ITS that can
be published
❑Outcome
❑Proposal for application protection
project 1
❑Proposal for privacy engineering
project 1
25 January 2021 - CPDP 2021 Promotion of PDP4E - Alliance Slide 13
Operational
Application
protection project 1
Operational
privacy engineering
project 1
14. PDP4E Privacy and Data protecton for Engineering
“Endow engineers with privacy and data protection tools aligned to their mindset”
Metamodels
Knowledge
Bases
Smart grid
demonstrator
Fintech
demonstrator
Requirements
engineering
Risk management
Model-driven
design
Assurance
and
certification
TRL6 TRL7
Byproducts
Connected
vehicle
demonstrator
Smart grid
demonstrator
15. Roadmap
❑Roadmap
❑January 2021
▪ First round of consultation
▪ Statement of objectives
▪ Initial description of operations
▪ Debate during CPDP 2021
o https://www.cpdpconferences.net/CPDP2021_Prel
iminary_Programme.pdf
o This panel!
❑June 2021
▪ Potential commitments
▪ Second round of consultation
▪ Community business plan options
▪ Identification of initial set of models
▪ Refined description of operations
o Working groups
o Agreeing on models
o Models description guidance
❑End 2021
▪ Commitments
▪ Sponsors
▪ Statutes and governance
▪ Logo and website
▪ Preparing initial set of models to publish
▪ Initial guidance on operations
▪ Preparing press release
❑Announcement CPDP 2022
25 January 2021 - CPDP 2021 Promotion of PDP4E - Alliance Slide 15
16. 25 January 2021 - CPDP 2021 https://www.pdp4e-project.eu/ Slide 16
Community @ Eclipse Foundation
eclip.se/h0