Title: Model-Checking the Implementation of Consent
Authors: Raúl Pardo, Daniel Le Métayer
DOI: arxiv-2409.11803 (https://doi.org/arxiv-2409.11803)
Venue: arXiv - CS - Software Engineering
Publication date: 2024-09-18
Publication type: Journal Article
Indexed by: Semanticscholar

Abstract:
Privacy policies define the terms under which personal data may be collected
and processed by data controllers. The General Data Protection Regulation
(GDPR) imposes requirements on these policies that are often difficult to
implement. Difficulties arise in particular due to the heterogeneity of
existing systems (e.g., the Internet of Things (IoT), web technology, etc.). In
this paper, we propose a method to refine high-level GDPR privacy requirements
for informed consent into low-level computational models. The method is aimed
at software developers implementing systems that require consent management. We
mechanize our models in TLA+ and use model-checking to prove that the low-level
computational models implement the high-level privacy requirements; TLA+ has
been used by software engineers in companies such as Microsoft or Amazon. We
demonstrate our method in two real-world scenarios: an implementation of cookie
banners and an IoT system communicating via Bluetooth Low Energy.