Skip to Main content Skip to Navigation
New interface
Conference papers

Annotation-Based Static Analysis for Personal Data Protection

Abstract : This paper elaborates the use of static source code analysis in the context of data protection. The topic is important for software engineering in order for software developers to improve the protection of personal data during software development. To this end, the paper proposes a design of annotating classes and functions that process personal data. The design serves two primary purposes: on one hand, it provides means for software developers to document their intent; on the other hand, it furnishes tools for automatic detection of potential violations. This dual rationale facilitates compliance with the General Data Protection Regulation (GDPR) and other emerging data protection and privacy regulations. In addition to a brief review of the state-of-the-art of static analysis in the data protection context and the design of the proposed analysis method, a concrete tool is presented to demonstrate a practical implementation for the Java programming language.
Document type :
Conference papers
Complete list of metadata
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, October 14, 2021 - 5:48:32 PM
Last modification on : Wednesday, November 3, 2021 - 6:55:36 AM
Long-term archiving on: : Saturday, January 15, 2022 - 7:56:33 PM


 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2023-01-01

Please log in to resquest access to the document


Distributed under a Creative Commons Attribution 4.0 International License



Kalle Hjerppe, Jukka Ruohonen, Ville Leppänen. Annotation-Based Static Analysis for Personal Data Protection. 14th IFIP International Summer School on Privacy and Identity Management (Privacy and Identity), Aug 2019, Windisch, Switzerland. pp.343-358, ⟨10.1007/978-3-030-42504-3_22⟩. ⟨hal-03378964⟩



Record views