Handling undefined legal terms in architecture-based data protection analysis
Speaker | Felix Schwickerath | |
---|---|---|
Talk type | Bachelor's thesis | |
Advisor | Nicolas Boltz | |
Date | Fri, 25 October 2024 | |
Talk language | German | |
Talk mode | In person | |
Abstract | With an ever-increasing number of software-driven solutions in various parts of modern life, such as smart homes, public health or transportation services, more data than ever is collected and analyzed. This surge in data processing raises concerns and has led to legal regulations on the processing of personal data, like the General Data Protection Regulation (GDPR). With both legal experts and software architects assessing whether their system is GDPR-compliant, efficient interdisciplinary communication between the legal and technical domains is needed. Matters are complicated by undefined legal terms (ULTs), which force legal experts to consider the context and environment of a system during their analysis, as this information is needed to assess the meaning of the legal term. Additionally, the context and environment of a system consist of the technical environment, so the software architect needs to communicate the context of each step in the system as well.
In the thesis, the author introduces an extension of a data flow analysis and legal assessment framework that allows legal experts and software architects to work collaboratively on a software model. It also addresses the issues that ULTs cause during the legal analysis of a system and allows legal experts to analyze larger software models effectively. The methodology and results of the analysis are presented so that legal experts and software architects can understand what caused an issue in the model and how it may be fixed. |