Mia Heine Nowack will give a talk about her work on Purpose Auditing for Java Programs. Details below.
Mia Heine Nowack, MSc, ITU.
Purpose Auditing for Java Programs
Purpose is a central concept in the General Data Protection Regulation (GDPR), which requires that personal data shall be collected for explicit purposes that may not be violated. Personal data is often collected and processed by computer programs, though there is no obvious way of representing the purpose of processing in modern programming languages. This thesis extends and refines a purpose annotation and auditing tool for Java programs. The tool is extended with options to define a purpose hierarchy, compile purpose annotated source code and it can handle a larger variety of method calls. The extended tool detects purpose violations in annotated Java source code, and can infer the minimal purpose for each method in a codebase. The performance of the tool is evaluated on a real open source code base, with acceptable results. The tool is proposed as a means in the process of adhering to specific principles under the GDPR.