Publications tagged with GDPR
- Campanile, L., Iacono, M., Mastroianni, M., Riccio, C., & Viscardi, B. (2026). A TOPSIS-Based Approach to Evaluate Alternative Solutions for GDPR-Compliant Smart-City Services Implementation [Conference paper]. Lecture Notes in Computer Science, 15893 LNCS, 303–316. https://doi.org/10.1007/978-3-031-97645-2_20
Abstract
Adapting or designing a system which operates on personal data in the EU is impacted by the privacy-by-design and privacy-by-default principles because of the prescriptions of the GDPR. In this paper we propose an approach to decision making which is based on TOPSIS (Technique for Order Preference by Similarity to Ideal Solution). The approach is applied to a GDPR system compliance design process, based on a case study about system performance evaluation by means of queuing networks, but is absolutely general with respect to analogous problems, in which cost issues should be balanced with technical performances and risk exposure. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.
- Campanile, L., Iacono, M., & Mastroianni, M. (2022). Towards privacy-aware software design in small and medium enterprises. Proceedings of the 2022 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2022. https://doi.org/10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927958
Abstract
The legal definition of privacy regulations, like GDPR in the European Union, significantly impacted on the way in which software, systems and organizations should be designed or maintained to be compliant to rules. While the privacy community stated proper risk assessment and mitigation approaches to be applied, literature seems to suggest that the software engineering community, with special reference to companies, did actually concentrate on the specification phase, with less attention for the test phase of products. In coherence with the privacy-by-design approach, we believe that a bigger methodological effort must be put in the systematic adaptation of software development cycles to privacy regulations, and that this effort might be promoted in the industrial community by focusing on the relation between organizational costs vs technical features, also leveraging the benefits of targeted testing as a means to lower operational privacy enforcement costs. © 2022 IEEE.
- Campanile, L., Forgione, F., Mastroianni, M., Palmiero, G., & Sanghez, C. (2022). Evaluating the Impact of Data Anonymization in a Machine Learning Application [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13380 LNCS, 389–400. https://doi.org/10.1007/978-3-031-10542-5_27
Abstract
The data protection impact assessment is used to verify the necessity, proportionality and risks of data processing. Our work is based on the data processed by the technical support of a Wireless Service Provider. The team of WISP tech support uses a machine learning system to predict failures. The goal of our experiments was to evaluate the DPIA with personal data and without personal data. In fact, in a first scenario, the experiments were conducted using a machine learning application powered by non-anonymous personal data. Instead, in the second scenario, the data was anonymized before feeding the machine learning system. In this article we evaluate how much the Data Protection Impact Assessment changes when moving from a scenario with raw data to a scenario with anonymized data. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
- Campanile, L., Cantiello, P., Iacono, M., Marulli, F., & Mastroianni, M. (2021). Risk Analysis of a GDPR-Compliant Deletion Technique for Consortium Blockchains Based on Pseudonymization [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 12956 LNCS, 3–14. https://doi.org/10.1007/978-3-030-87010-2_1
Abstract
Blockchains provide a valid and profitable support for the implementation of trustable and secure distributed ledgers, in support to groups of subjects that are potentially competitors in conflict of interest but need to share progressive information recording processes. Blockchains prevent data stored in blocks from being altered or deleted, but there are situations in which stored information must be deleted or made inaccessible on request or periodically, such as the ones in which GDPR is applicable. In this paper we present literature solutions and design an implementation in the context of a traffic management system for the Internet of Vehicles based on the Pseudonymization/Cryptography solution, evaluating its viability, its GDPR compliance and its level of risk. © 2021, Springer Nature Switzerland AG.