Privacy-Enhanced Software Design: Purpose-Aware UML Diagrams
摘要
The General Data Protection Regulation (GDPR) was introduced and applied in the EU to help users protect their personal data. An important principle of the regulation is ‘Purpose Limitation’, stating that personal data should be processed only in ways (purposes) clearly stated and agreed upon between the system and the user. One major challenge in Software Engineering is the integration of processing purposes into the system design. Aiming to address this challenge, we present a software design methodology allowing to formulate the processing purposes of a system and integrate them with the functional requirements. We present a purpose-aware version of the UML Use Case and Sequence diagrams to assist engineers in visualising the purpose-aware requirements, and a prototype tool to automate this process. We furthermore present an evaluation of the methodology, gathering overall positive results, especially regarding users’ confidence, simplicity, and ease of use.