Abstract

The adoption of information technology in foremost sectors of human activity, such as banking, healthcare, education and governance, increases the amount of data collected and processed to enable these services. Along with the convenience the technology offers, it brings increased challenges pertaining to privacy. In response to these emerging privacy concerns, the European Union has approved the General Data Protection Regulation (GDPR) to strengthen data protection across the European Union. This regulation requires individuals and organizations that process personal data of EU citizens, or provide services in the EU, to comply with the privacy requirements in the GDPR. However, the privacy policies stating how personal information will be handled to meet regulations as well as organizational objectives are given in natural language statements. To demonstrate a program's compliance with privacy policies, a link should be established between policy statements and the program code, with the support of a formalized analysis. Based on this vision, we formalize a notion of privacy policies and a notion of compliance for the setting of object-oriented distributed systems. For this we provide explicit constructs to specify constituents of privacy policies (i.e., principal, purpose, access right) on personal data. We present a policy specification language and a formalization of privacy compliance, as well as a high-level modeling language for distributed systems extended with support for policies. We define a type and effect system for static checking of compliance of privacy policies and show soundness of this analysis based on an operational semantics. Finally, we prove a progress property.

Highlights

  • With the adoption of information technology in almost all areas of our life, the collection and processing of personal data have intensified

  • We could let the operational semantics define the subject and owner of the data, as well as other General Data Protection Regulation (GDPR)-relevant aspects such as expiration time, but this is ignored here since we focus on the aspects of the static system

  • In this paper we started by investigating challenges and opportunities with the GDPR from a language-based perspective


Summary

Introduction

With the adoption of information technology in almost all areas of our life, the collection and processing of personal data have intensified. To demonstrate the analysis of static policy compliance for imperative programs, we develop a type and effect system for checking policy compliance for a high-level language supporting the active object paradigm [12,31,33,42], based on the actor model [28]. This paradigm is considered to be one of the most promising candidates to model asynchronously parallel and distributed computations in a safe manner [12]. An algorithmic version of the static compliance checking is shown in Appendix A, and notational conventions used in the paper are listed in Appendix B.

Relevance to the GDPR and research focus
Formalization of static privacy policies and policy compliance
Policies
Access rights for data subjects
Policy compliance
Policies in an object-oriented setting
Compliance checking of OODS languages
An imperative programming language
Data types and sensitive data types
An example
An effect system for privacy
Static compliance checking of the example
CIMAIN Doctor
C I Doctor Add P resc
Awareness of subject
Operational semantics
Runtime policies
Theoretical results
Related work
Conclusion
Declaration of competing interest