{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T08:56:09Z","timestamp":1780044969111,"version":"3.53.1"},"reference-count":29,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2020,6,27]],"date-time":"2020-06-27T00:00:00Z","timestamp":1593216000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2020,6,27]],"date-time":"2020-06-27T00:00:00Z","timestamp":1593216000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["787149"],"award-info":[{"award-number":["787149"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["787034"],"award-info":[{"award-number":["787034"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["786741"],"award-info":[{"award-number":["786741"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["786767"],"award-info":[{"award-number":["786767"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["787068"],"award-info":[{"award-number":["787068"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["786713"],"award-info":[{"award-number":["786713"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["SN COMPUT. SCI."],"published-print":{"date-parts":[[2020,7]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Confidence in information and communication technology services and systems is crucial for the digital society which we live in, but this confidence is not possible without privacy-enhancing tools and technologies, nor without risks management frameworks that guarantee privacy, data protection, and secure digital identities. This paper provides information on ongoing and recent developments in this area in the European Union (EU) space. We start by providing an overview of EU\u2019s General Data Protection Regulation (GDPR) and proceed by identifying challenges concerning GDPR implementation, either technical or organizational. For this, we consider the work currently being done by a set of EU projects on the H2020 DS-08-2017 topic, namely BPR4GDPR, DEFeND, SMOOTH, PDP4E, PAPAYA and PoSeID-on, which address and aim at providing specific, operational solutions for the identified challenges. We briefly present these solutions and discuss the ways in which the projects cooperate and complement each other. Finally, we identify guidelines for further research.<\/jats:p>","DOI":"10.1007\/s42979-020-00218-8","type":"journal-article","created":{"date-parts":[[2020,6,27]],"date-time":"2020-06-27T14:02:51Z","timestamp":1593266571000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":25,"title":["Protecting Citizens\u2019 Personal Data and Privacy: Joint Effort from GDPR EU Cluster Research Projects"],"prefix":"10.1007","volume":"1","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6129-9278","authenticated-orcid":false,"given":"Renata M.","family":"de Carvalho","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Camillo","family":"Del Prete","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yod Samuel","family":"Martin","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Rosa M.","family":"Araujo Rivero","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Melek","family":"\u00d6nen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Francesco Paolo","family":"Schiavo","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"\u00c1ngel Cuevas","family":"Rum\u00edn","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Haralambos","family":"Mouratidis","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Juan C.","family":"Yelmo","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Maria N.","family":"Koukovini","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2020,6,27]]},"reference":[{"key":"218_CR1","unstructured":"European Union. Directive 95\/46\/EC of the European parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data. https:\/\/eur-lex.europa.eu\/legal-content\/en\/TXT\/?uri=CELEX%3A31995L0046. Accessed 17 Dec 2019."},{"key":"218_CR2","unstructured":"European Union. Regulation (EU) 2016\/679 of the european parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95\/46\/ec (general data protection regulation). https:\/\/eur-lex.europa.eu\/eli\/reg\/2016\/679\/oj. Accessed 17 Dec 2019."},{"key":"218_CR3","unstructured":"European Union. Cybersecurity ppp: privacy, data protection, digital identities id: Ds-08-2017. https:\/\/ec.europa.eu\/info\/funding-tenders\/opportunities\/portal\/screen\/opportunities\/topic-details\/ds-08-2017. Accessed 17 Dec 2019."},{"key":"218_CR4","unstructured":"European Union. Horizon 2020 work programme 2016\u20132017 14. secure societies\u2014protecting freedom and security of Europe and its citizens (part 14\u2014page 74). https:\/\/ec.europa.eu\/research\/participants\/data\/ref\/h2020\/wp\/2016_2017\/main\/h2020-wp1617-security_en.pdf. Accessed 17 Dec 2019."},{"key":"218_CR5","unstructured":"European Commission. Infographic: GDPR in numbers (25 January 2019, 22 May 2019). https:\/\/ec.europa.eu\/info\/priorities\/justice-and-fundamental-rights\/data-protection\/2018-reform-eu-data-protection-rules\/eu-data-protection-rules_en. Accessed 17 Dec 2019."},{"key":"218_CR6","unstructured":"European Commission Directorate-General for Communication. Flash eurobarometer 443: e-privacy. https:\/\/data.europa.eu\/euodp\/en\/data\/dataset\/S2124_443_ENG. Accessed 17 Dec 2019."},{"key":"218_CR7","unstructured":"Farrell S. Talktalk counts costs of cyber-attack. https:\/\/www.theguardian.com\/business\/2016\/feb\/02\/talktalk-cyberattack-costs-customers-leave. Accessed 17 Dec 2019."},{"issue":"1","key":"218_CR8","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1109\/TSE.2008.88","volume":"35","author":"S Spiekermann","year":"2009","unstructured":"Spiekermann S, Cranor LF. Engineering privacy. IEEE Trans Softw Eng. 2009;35(1):67\u201382.","journal-title":"IEEE Trans Softw Eng"},{"key":"218_CR9","unstructured":"Cavoukian A, et\u00a0al. Privacy by design: The 7 foundational principles. Information and Privacy Commissioner of Ontario, Canada. 2009. p. 5."},{"key":"218_CR10","doi-asserted-by":"crossref","unstructured":"Cavoukian A. Operationalizing privacy by design: the Ontario smart grid case study. Information and Privacy Commissioner, Ontario, Canada; 2011.","DOI":"10.1109\/SGE.2012.6463977"},{"key":"218_CR11","first-page":"1","volume":"55","author":"M Birnhack","year":"2014","unstructured":"Birnhack M, Toch E, Hadar I. Privacy mindset, technological mindset. Jurimetrics. 2014;55:1\u201371.","journal-title":"Jurimetrics"},{"key":"218_CR12","unstructured":"International\u00a0Association of\u00a0Privacy Professionals\u00a0(IAPP). 2019 privacy tech vendor report. https:\/\/iapp.org\/media\/pdf\/resource_center\/2019TechVendorReport.pdf."},{"key":"218_CR13","unstructured":"European Union. Regulation (EU) no 910\/2014 of the European parliament and of the council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing directive 1999\/93\/ec. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=uriserv%3AOJ.L_.2014.257.01.0073.01.ENG. Accessed 17 Dec 2019."},{"key":"218_CR14","unstructured":"Papagiannakopoulou Eugenia\u00a0I. Semantic access control model for distributed environments. Ph.D. Thesis, National Technical University of Athens, 2014."},{"key":"218_CR15","unstructured":"Koukovini Maria\u00a0N. Inherent privacy awareness in service-oriented architectures. Ph.D. Thesis, National Technical University of Athens, 2014."},{"key":"218_CR16","first-page":"2","volume":"489","author":"WMP van der Aalst","year":"2009","unstructured":"van der Aalst WMP, van Dongen BF, G\u00fcnther CW, Rozinat A, Verbeek HMW, Weijters AJMM. Prom: the process mining toolkit. BPM (Demos). 2009;489:2.","journal-title":"BPM (Demos)"},{"key":"218_CR17","unstructured":"Mans RS, van\u00a0der Aalst WMP, Verbeek HMW. Supporting process mining workflows with rapidprom. In: BPM 2014 Demos, vol. 1295. CEUR-WS.org. 2014. pp. 56\u201360."},{"key":"218_CR18","doi-asserted-by":"crossref","unstructured":"Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption. In: 2007 IEEE symposium on security and privacy (SP \u201907), May 2007. pp. 321\u2013334.","DOI":"10.1109\/SP.2007.11"},{"key":"218_CR19","doi-asserted-by":"crossref","unstructured":"Balebako R, Marsh A, Lin J, Hong JI, Cranor L. The privacy and security behaviors of smartphone app developers. 2014. p. 2 .","DOI":"10.14722\/usec.2014.23006"},{"key":"218_CR20","unstructured":"European Commission. The future of privacy\u2014article 29 data protection working party and working party on police and justice. 2009. https:\/\/ec.europa.eu\/justice\/article-29\/documentation\/opinion-recommendation\/files\/2009\/wp168_en.pdf. Accessed 19 Dec 2019."},{"key":"218_CR21","unstructured":"Danezis G, Domingo-Ferrer J, Hansen M, Hoepman J-H, M\u00e9tayer DL, Tirtea R, Schiffner S. Privacy and data protection by design\u2014from policy to engineering. 2014. https:\/\/www.enisa.europa.eu\/publications\/privacy-and-data-protection-by-design. Accessed 19 Dec 2019."},{"key":"218_CR22","unstructured":"Garc\u00eda YSM, del \u00c1lamo\u00a0Ramiro JM. A metamodel for privacy engineering methods. In: Proceedings of the 3rd international workshop on privacy engineering co-located with 38th IEEE symposium on security and privacy (S&P 2017), vol. 1873, CEUR Workshop Proceedings. 2017. pp. 41\u201348."},{"issue":"2","key":"218_CR23","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1109\/MSP.2016.37","volume":"14","author":"S G\u00fcrses","year":"2016","unstructured":"G\u00fcrses S, del Alamo JM. Privacy engineering: shaping an emerging field of research and practice. IEEE Secur Priv. 2016;14(2):40\u20136.","journal-title":"IEEE Secur Priv"},{"issue":"1","key":"218_CR24","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/s00766-010-0115-7","volume":"16","author":"M Deng","year":"2011","unstructured":"Deng M, Wuyts K, Scandariato R, Preneel B, Joosen W. A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir Eng. 2011;16(1):3\u201332.","journal-title":"Requir Eng"},{"key":"218_CR25","volume-title":"Threat modeling: designing for security","author":"A Shostack","year":"2014","unstructured":"Shostack A. Threat modeling: designing for security. New York: Wiley; 2014."},{"key":"218_CR26","doi-asserted-by":"crossref","unstructured":"Hansen M, Jensen M, Rost M. Protection goals for privacy engineering. In: 2015 IEEE security and privacy workshops, May 2015. pp. 159\u2013166.","DOI":"10.1109\/SPW.2015.13"},{"key":"218_CR27","first-page":"1","volume-title":"Privacy technologies and policy","author":"K Beckers","year":"2014","unstructured":"Beckers K, Fa\u00dfbender S, Heisel M, Meis R. A problem-based approach for computer-aided privacy threat identification. In: Bart P, Demosthenes I, editors. Privacy technologies and policy. Heidelberg: Berlin; 2014. p. 1\u201316."},{"key":"218_CR28","doi-asserted-by":"publisher","first-page":"446","DOI":"10.1007\/978-3-642-55415-5_38","volume-title":"ICT systems security and privacy protection","author":"J-H Hoepman","year":"2014","unstructured":"Hoepman J-H. Privacy design strategies. In: Cuppens-Boulahia N, Cuppens F, Jajodia S, El Kalam AA, Sans T, editors. ICT systems security and privacy protection. Berlin: Springer; 2014. p. 446\u201359."},{"issue":"3","key":"218_CR29","first-page":"2","volume":"20","author":"W Stallings","year":"2017","unstructured":"Stallings W. A blockchain tutorial. Inter Prot J. 2017;20(3):2\u201324.","journal-title":"Inter Prot J"}],"updated-by":[{"DOI":"10.1007\/s42979-023-02168-3","type":"correction","label":"Correction","source":"publisher","updated":{"date-parts":[[2023,9,28]],"date-time":"2023-09-28T00:00:00Z","timestamp":1695859200000}}],"container-title":["SN Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-020-00218-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s42979-020-00218-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-020-00218-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,28]],"date-time":"2023-09-28T13:26:20Z","timestamp":1695907580000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s42979-020-00218-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,27]]},"references-count":29,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2020,7]]}},"alternative-id":["218"],"URL":"https:\/\/doi.org\/10.1007\/s42979-020-00218-8","relation":{"correction":[{"id-type":"doi","id":"10.1007\/s42979-023-02168-3","asserted-by":"object"}]},"ISSN":["2662-995X","2661-8907"],"issn-type":[{"value":"2662-995X","type":"print"},{"value":"2661-8907","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,6,27]]},"assertion":[{"value":"6 January 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"8 June 2020","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 June 2020","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 September 2023","order":4,"name":"change_date","label":"Change Date","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Correction","order":5,"name":"change_type","label":"Change Type","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"A Correction to this paper has been published:","order":6,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"https:\/\/doi.org\/10.1007\/s42979-023-02168-3","URL":"https:\/\/doi.org\/10.1007\/s42979-023-02168-3","order":7,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"217"}}