DiálogoP - A Language and a Graphical Tool for Formally Defining GDPR Purposes

  • Evangelia VaneziEmail author
  • Georgia M. Kapitsaki
  • Dimitrios Kouzapas
  • Anna Philippou
  • George A. Papadopoulos
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 385)


The notion of processing purpose, as set out in the EU General Data Protection Regulation (GDPR), comprises a crucial part of a software system’s privacy policy. Processing purposes are meant to characterize the usage of personal data within a system. In this work, we propose a formal type language for defining purposes as the communication exchanges between a system’s entities, based on session types enhanced with privacy notions. In order to provide software engineers with the means to easily define processing purposes, we encode the formal language syntax to a UML-based domain model and we present DiálogoP, a tool that supports the graphical model definition and subsequently translates it into formal language definitions.


  1. 1.
    Caramujo, J., da Silva, A.R., Monfared, S., Ribeiro, A., Calado, P., Breaux, T.: RSL-IL4Privacy: a domain-specific language for the rigorous specification of privacy policies. Requir. Eng. 24(1), 1–26 (2019). Scholar
  2. 2.
    European Parliament and Council of the European Union: General data protection regulation (2015). Official Journal of the European UnionGoogle Scholar
  3. 3.
    Honda, K., Vasconcelos, V.T., Kubo, M.: Language primitives and type discipline for structured communication-based programming. In: Hankin, C. (ed.) ESOP 1998. LNCS, vol. 1381, pp. 122–138. Springer, Heidelberg (1998). Scholar
  4. 4.
    Honda, K., Yoshida, N., Carbone, M.: Multiparty asynchronous session types. In: ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 273–284 (2008)Google Scholar
  5. 5.
    Ingolfo, S., Siena, A., Mylopoulos, J.: Nómos 3: reasoning about regulatory compliance of requirements. In: IEEE Requirements Engineering Conference, pp. 313–314. IEEE (2014)Google Scholar
  6. 6.
    Kouzapas, D., Philippou, A.: Privacy by typing in the \(\pi \)-calculus. Logical Methods Comput. Sci. 13(4), 1–42 (2017)MathSciNetzbMATHGoogle Scholar
  7. 7.
    Mougiakou, E., Virvou, M.: Based on GDPR privacy in UML: case of e-learning program. In: International Conference on Information, Intelligence, Systems & Applications, pp. 1–8. IEEE (2017)Google Scholar
  8. 8.
    Ribeiro, A., da Silva, A.R.: RSLingo4Privacy studio-a tool to improve the specification and analysis of privacy policies. In: ICEIS, vol. 2, pp. 52–63 (2017)Google Scholar
  9. 9.
    Pardo, R., Colombo, C., Pace, G.J., Schneider, G.: An automata-based approach to evolving privacy policies for social networks. In: Falcone, Y., Sánchez, C. (eds.) RV 2016. LNCS, vol. 10012, pp. 285–301. Springer, Cham (2016). Scholar
  10. 10.
    Takeuchi, K., Honda, K., Kubo, M.: An interaction-based language and its typing system. In: Halatsis, C., Maritsas, D., Philokyprou, G., Theodoridis, S. (eds.) PARLE 1994. LNCS, vol. 817, pp. 398–413. Springer, Heidelberg (1994). Scholar
  11. 11.
    Torre, D., Soltana, G., Sabetzadeh, M., Briand, L.C., Auffinger, Y., Goes, P.: Using models to enable compliance checking against the GDPR: an experience report. In: 2019 ACM/IEEE International Conference on Model Driven Engineering Languages and Systems, pp. 1–11. IEEE (2019)Google Scholar
  12. 12.
    Zeni, N., Kiyavitskaya, N., Mich, L., Cordy, J.R., Mylopoulos, J.: GaiusT: supporting the extraction of rights and obligations for regulatory compliance. Requir. Eng. 20(1), 1–22 (2015). Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Evangelia Vanezi
    • 1
    Email author
  • Georgia M. Kapitsaki
    • 1
  • Dimitrios Kouzapas
    • 1
  • Anna Philippou
    • 1
  • George A. Papadopoulos
    • 1
  1. 1.Department of Computer ScienceUniversity of CyprusNicosiaCyprus

Personalised recommendations