Leveraging NLP Techniques for Privacy Requirements Engineering in User Stories

Privacy requirements engineering acts as a role to systematically elicit privacy requirements from system requirements and legal requirements such as the GDPR. Many methodologies have been proposed, but the majority of them are focused on the waterfall approach, making adopting privacy engineering in agile software development difficult. The other major issue is that the process currently is to a high degree manual. This paper focuses on closing these gaps through the development of a machine learning-based approach for identifying privacy requirements in an agile software development environment, employing natural language processing (NLP) techniques. Our method aims to allow agile teams to focus on functional requirements while NLP tools assist them in generating privacy requirements. The main input for our method is a collection of user stories, which are typically used to identify functional requirements in agile software development. The NLP approach is then used to automate some human-intensive tasks such as identifying personal data and creating data flow diagrams from user stories. The data flow diagram forms the basis for the automatic creation of privacy requirements. Our evaluation shows that our NLP method achieves a fairly good performance in terms of F-Measure. We are also demonstrate the feasibility of our NLP approach in CamperPlus project. Lastly, we are developing a tool to integrate our NLP approach into the privacy requirements engineering pipeline, allowing for manual editing of results so that agile teams can maintain control over the automated approach.