Add to my Schedule Session Block—Privacy Engineering
09 Sep 2019 12:00 Noon - 12:20 PM (UTC)
20190909T1200 20190909T1220 UTC Model-driven Engineering for Privacy Model-driven engineering (MDE) focuses on the creation and exploitation of models during the lifecycle of a system. MDE is supported by dedicated tools based on languages such as UML. These tools enab... Transforming Privacy Law into Practice | 9-10 September | University of Oxford events@oasis-open.org

Model-driven engineering (MDE) focuses on the creation and exploitation of models during the lifecycle of a system. MDE is supported by dedicated tools based on languages such as UML. These tools enable a methodical approach for the engineering of complex systems and the integration of cross-cutting concerns such as safety, resilience, security, or privacy. Models describe all needed artefacts of a system: application, APIs, operating system, data, networks and so forth. If defined and structured properly, the engineering of a system is facilitated by the reuse of models which have been validated in previous developments. 


With the advent of the GDPR, and the growing awareness on the need to engineer privacy compliant systems, there is a need to extend model-driven engineering to support privacy. PDP4E is an H2020 project which focuses on the integrating of privacy concerns in MDE. It takes advantage of the growing wealth of work on privacy engineering, at research level and at standardisation level (ISO/IEC 27550, OASIS PMRM, or ISO 31700).


This presentation will focus on the various components of a MDE privacy engineering toolbox:

  • supporting risk management, including activities for risk identification, analysis, evaluation and treatment.

  • supporting requirements engineering, including the operationalization of privacy and data protection principles into tangible requirements.

  • supporting privacy-by-design, including design strategies and model-oriented annotations so that developments teams can embed privacy aspects on the architecture of new solutions; and.

  • Supporting assurance management, including the production of evidences to demonstrate privacy compliance.


It will finally present plans for the creation of a privacy engineering community.