How to Extract Workflow Privacy Patterns from Legal Documents
- 11 Downloads
The General Data Protection Regulation (GDPR) strengthens the importance of data privacy and protection for enterprises offering their services in the EU. An important part of intensified efforts towards better privacy protection is enterprise workflow (re)design. In particular, the GDPR has strengthened the imperative to apply the privacy by design principle when (re)designing workflows. A conforming and promising approach is to model privacy relevant workflow fragments as Workflow Privacy Patterns (WPPs). Such WPPs allow to specify abstract templates for recurring data-privacy problems in workflows. Thus, WPPs are intended to support workflow engineers, auditors and privacy officers by providing pre-validated patterns that comply with existing data privacy regulations. However, it is unclear yet how to obtain WPPs systematically with an appropriate level of detail.
In this paper, we show our approach to derive WPPs from legal texts and similar normative regulations. The proposed structure of a WPP, which we derived from pattern approaches from other research areas. We also introduce a framework that allows to design WPPs which make legal regulations accessible for persons who do not possess in-depth legal expertise. We have applied our approach to different articles of the GDPR, and we have obtained evidence that we can transfer legal text into a structured WPP representation. If a workflow correctly implements a WPP that has been designed that way, the workflow automatically complies to the respective fragment of the underlying legal text.
KeywordsPrivacy Patterns Workflows
We would like to thank Martin Bahr for his work on the CCC Model.
- 1.European Parliament, Council of the European Union: Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. EU Regulation 2016/679 (2016)Google Scholar
- 2.Buchmann, E., Anke, J.: Privacy patterns in business processes. In: INFORMATIK 2017, pp. 793–798 (2017). https://dl.gi.de/handle/20.500.12116/4101
- 3.Robak, M., Buchmann, E.: Deriving workflow privacy patterns from legal documents. In: 2019 Federated Conference on Computer Science and Information Systems (FedCSIS), pp. 555–563. IEEE (2019). https://doi.org/10.15439/2019F275
- 6.Information Commissioners Office: Guide to the general data protection regulation (GDPR). https://ico.org.uk. Accessed July 2018
- 8.Wolfgang, P.: Design Patterns for Object-Oriented Software Development, vol. 15. Addison-Wesley, Reading (1994). https://doi.org/10.1145/253228.253810
- 11.Jablonski, S., Bussler, C.: Workflow Management: Modeling Concepts, Architecture and Implementation, vol. 392. International Thomson Computer Press, London (1996)Google Scholar
- 13.Russell, N., et al.: Workflow control-flow patterns: a revised view. BPM Center Report, 06-22 (2006)Google Scholar
- 14.Russell, N., ter Hofstede, A.H.M., Edmond, D., van der Aalst, W.M.P.: Workflow data patterns: identification, representation and tool support. In: Delcambre, L., Kop, C., Mayr, H.C., Mylopoulos, J., Pastor, O. (eds.) ER 2005. LNCS, vol. 3716, pp. 353–368. Springer, Heidelberg (2005). https://doi.org/10.1007/11568322_23CrossRefGoogle Scholar
- 15.Russell, N., van der Aalst, W.M.P., ter Hofstede, A.H.M., Edmond, D.: Workflow resource patterns: identification, representation and tool support. In: Pastor, O., Falcão e Cunha, J. (eds.) CAiSE 2005. LNCS, vol. 3520, pp. 216–232. Springer, Heidelberg (2005). https://doi.org/10.1007/11431855_16CrossRefGoogle Scholar
- 18.EU FP7 Project PRIPARE: privacypatterns.eu - collecting patterns for better privacy. https://privacypatterns.eu. Accessed Apr 2019
- 19.Projects by IF: Data permissions catalogue - an evolving collection of design patterns for sharing data. https://catalogue.projectsbyif.com/. Accessed June 2019
- 20.Vom Brocke, J.: Design principles for reference modeling: reusing information models by means of aggregation, specialisation, instantiation, and analogy. IGI Global (2007)Google Scholar
- 21.Buschmann, F., Henney, K., Schmidt, D.C.: Pattern-Oriented Software Architecture, on Patterns and Pattern Languages, vol. 5. Wiley, Hoboken (2007)Google Scholar