In this deliverable, we present legal and usability requirements, as well as the functional and nonfunctional platform requirements, which we elicited for the PAPAYA project in the first project year to guide the technical development and validations in the PAPAYA project.

The general legal privacy requirements are derived directly from the GDPR and draft ePrivacy Regulation. We focus especially on those legal requirements elicited from the general privacy principles of Art. 5 GDPR, which serve as the key principles of the European Data Protection Law and as the starting point for more detailed provisions in the subsequent articles of the GDPR [1]. Moreover, we present important legal requirements for lawful data processing pursuant to the GDPR, consent, transparency, intervenability, and for the outsourcing of data from a data controller to the PAPAYA platform as a data processor according to the GDPR, as well as for the processing of metadata, including location data, pursuant to the draft ePrivacy Regulation.

See the full document in the link below.

Karlstad University