Assurance tool OpenCert for Privacy and Data Protection

1. Methods and Tools for GDPR Compliance through
Privacy and Data
Protection 4 Engineering
Alejandra Ruiz, Jabier Martinez, Javier Puelles, Izaskun Santamaria (Tecnalia)
Yod Samuel Martin, Jacobo Quintáns, Juan Carlos Yelmo (UPM)
Guillaume Mockly, Estibaliz Arzoz Fernández, Amelie Gyrard, Antonio Kung (Trialog)
Assurance Tool and Method (WP6)
This project has received funding from the European Union's Horizon 2020
programme under Grant Agreement No 787034.
11/06/2021

2. Supplier Chain
Component
Release
Module Assurance
Case Development
(Independent)
Safety Assessment
Safety
Assessment
Certification
Liaison
Product Engineering
“Project”
Quality
Management
Implementation
Validation &
Verification
Design
Introduction & Objectives
WP6
2
Assurance
“Project”
Assurance Case
Development
Evidence
Management Assurance Process
Management
Compliance
Management
Standards & Regulations
Information Management
Interpretation
Standards
Specification
Privacy
Assessment
(Independent)
Privacy Assessment
Product Engineering
“Project”
Quality
Management
Implementation
Validation &
Verification
Design
Product Engineering
Privacy Reference
Frameworks

3. Introduction & Objectives
 WP6 Methods and tools for assurance
 Participants: Tecnalia (leader), Trialog, UPM
 Duration: M10 – M33
 Objectives:
 A method to demonstrate compliance with privacy and data protection regulation, including the systematic capture and
recording of evidences, their association to requirements and artefacts, their traceability to the GDPR and other
regulations and standards, and the argumentation of compliance derived from the evidences.
 A standard metamodel to represent the relevant terms to GDPR compliance, including relevant processes, roles...etc.
 A computer-readable knowledge base which contains models of the normative framework that represent GDPR and other
regulation (e.g. WP29 guidance) as well as other data protection standards and mappings between one another, and
assurance patterns.
 A software tool, developed by extending OpenCert, which implements the functions needed to support the method and
which hosts the knowledge base.
 Output:
 Specification of the method and tool: D6.1, D6.2 and D6.3
 Method releases: D6.4 and D6.5
 Tool releases: D6.6 and D6.7
 Knowledge base: D6.8
WP6
3

4. Results: Outline
 Demonstrated feasibility of
 using state-of-the-art assurance principles for privacy engineering
 modelling privacy regulations as reference framework models
 handling ecosystems of privacy reference frameworks
 providing reusable privacy assurance patterns
Tool-supported
WP6
4

5. Results
 Using state-of-the-art assurance principles for privacy engineering
A privacy assurance case, is a structured argument supported by a body of evidence, which
provides a convincing and valid justification that a system meets its assurance requirements,
for a given application in a given operating environment *
WP6
5
*Adapted to privacy from the safety world:
Denney et al.
“Hierarchical Safety Cases.” In NASA Formal Methods, 2013

6. Results
 Using state-of-the-art assurance principles for privacy engineering
WP6
6
GPDR Art. 5: Principles relating to processing of personal data
Paragraph 1
 Lawfulness, fairness and transparency
 Purpose limitation
 Data minimisation
 Accuracy
 Storage limitation
 Integrity and confidentiality

7. Supplier Chain
Component
Release
Module Assurance
Case Development
(Independent)
Safety Assessment
Safety
Assessment
Certification
Liaison
Product Engineering
“Project”
Quality
Management
Implementation
Validation &
Verification
Design
Results
 Using state-of-the-art assurance principles for privacy engineering
WP6
7
Assurance
“Project”
Assurance Case
Development
Evidence
Management Assurance Process
Management
Compliance
Management
Standards & Regulations
Information Management
Interpretation
Standards
Specification
Privacy
Assessment
(Independent)
Privacy Assessment
Product Engineering
“Project”
Quality
Management
Implementation
Validation &
Verification
Design
Model-based solutions for Privacy assurance projects

8. Results
 Modelling privacy regulations as reference framework models
Diversity of reference frameworks
 Process-based
 Requirements-based
 Evidence-based
 Legal text
Objectives for modelling: Abstraction and Formalization
WP6
8
Privacy reference frameworks modelled as development processes
General and Application-domain-specific

9. Results
 Handling ecosystems of privacy reference frameworks
Several privacy reference frameworks apply (and increasing)
WP6
9
Mapping models
GDPR
Art. 35 and 36: Data
protection impact
assessment and prior
consultation
Data Protection Impact
Assessment template
for Smart Grid and
Smart Metering
ISO/IEC 29134
Information technology —
Security techniques —
Guidelines for privacy
impact assessment

10. Assurance
Project
Definition
Assurance Case
Management
Evidence
Management
Compliance
Management
Reporting
Results
Providing reusable privacy assurance patterns
WP6
10
RefFrameworks Modelling Equivalences Modelling

11. Results
Providing reusable privacy assurance patterns
Patterns:
 the process of the ref framework is followed
 the expected evidences are considered
 to connect privacy controls with its expected assurance needs
Reusable privacy assurance patterns contain conditions and parts to be refined
They need to be instantiated and refined
WP6
11
Manually created knowledge base, and automatic model transformations

12. Results
WP6
12
Evidence
Management
Prescriptive
Knowledge
Management
Privacy
Argumentation
Management
Assurance Project
Lifecycle
Management
Project
Repository
Measurement
&
Transparency
Assurance Configuration
Management
System Management
Standards &
Understandings
Argument
Patterns
Risk Control
(WP3)
Product
Engineering
Tools
(WP4, WP5)
Link
Connect
Providing reusable privacy assurance patterns

13. Results: Overall method
WP6
13
Assurance
Project
Definition
Assurance Case
Management
Evidence
Management
Compliance
Management
Reporting
RefFrameworks Modelling Equivalences Modelling
Reference
Framework models
Mapping
models
Goal Structuring
Notation models
Evidence
models

14. Results: Tool features and improvements
WP6
14
Assurance
Project
Definition
Assurance Case
Management
Evidence
Management
Compliance
Management
Reporting
RefFrameworks Modelling Equivalences Modelling
Reference
Framework models
Mapping
models
Goal Structuring
Notation models
Evidence
models
(EPL-2)
https://gitlab.eclipse.org/eclipse/opencert/opencert/-/tree/release/2.0

15. Results: Knowledge base
Privacy Reference Frameworks
 General
 GDPR Data Protection Impact Assessments (DPIA) covering Art. 35 and 36, and WP29 DPIA guidance
 ISO/IEC 29134:2017 (Information technology - Security techniques - Guidelines for privacy impact
assessment)
 Case studies
 ISO/SAE 21434 Road vehicles — Cybersecurity engineering. Process for risk assessment
 EU Smart Grid Data Protection Impact Assessment (DPIA) template
WP6
15

16. Results: Knowledge base
Mapping models
 ISO/IEC 29134:2017 (Information technology - Security techniques - Guidelines for privacy
impact assessment)
to GDPR Data Protection Impact Assessments (DPIA)
 D7.9 Alignment of Smart Grid DPIA to GDPR DPIA and ISO/IEC 29134:2017
WP6
16

17. Results: Knowledge base
Privacy Assurance Patterns
 General
 GDPR DPIA argumentation patterns (13 based on Recital 75, Art. 35 and 36)
 NIST SP 800-53 rev 5, Control SI-18 - Information disposal
 NIST SP 800-53 rev 5, Control SI-20 - De-identification
 Case studies
 Connected vehicle: Correct pseudonym management (internally using NIST Control SI-20 pattern)
 SmartGrid: Pre-assessment on the need to conduct a DPIA is completed. Smart Grid DPIA template
 Automatically generated assurance patterns: e.g., Data Protection Risk Assessment is completed from
SmartGrid DPIA template reference framework
WP6
17

18. Results: Knowledge base
 Public
 https://gitlab.eclipse.org/eclipse/opencert/opencert/-
/tree/release/2.0/examples/privacy
Private
 Reference frameworks and mapping models of standards or documents which are not
freely distributed: Derivative works with high amount of information and text from the
original work
 ISO/IEC 29134:2017 and its mapping model to GPDR
 ISO/SAE 21434
WP6
18

19. Conclusions and further steps beyond the
project
WP6
19
Using state-of-the-art assurance
principles for privacy engineering
Modelling privacy regulations as
reference framework models
Handling ecosystems of privacy
reference frameworks
Providing reusable privacy
assurance patterns
Tool-supported
Model-based
Open source and flexible
KB available
Community uptake (Industry and Research)
More automation support

20. Methods and Tools for GDPR Compliance through
Privacy and Data
Protection 4 Engineering
For more information, visit:
www.pdp4e-project.eu
Thank you for your attention
This project has received funding from the European Union's Horizon 2020
programme under Grant Agreement No 787034.