This paper elaborates the use of static source code analysis in the context of data protection. The topic is important for software engineering in order for software developers to improve the protection of personal data during software development. To this end, the paper proposes a design of annotating classes and functions that process personal data. The design serves two primary purposes: on one hand, it provides means for software developers to document their intent; on the other hand, it furnishes tools for automatic detection of potential violations. This dual rationale facilitates compliance with the General Data Protection Regulation (GDPR) and other emerging data protection and privacy regulations. In addition to a brief review of the state-of-the-art of static analysis in the data protection context and the design of the proposed analysis method, a concrete tool is presented to demonstrate a practical implementation for the Java programming language.

中文翻译：

---

基于注释的个人数据保护静态分析

本文详细阐述了静态源代码分析在数据保护的背景下的使用。该主题对于软件工程很重要，以便软件开发人员在软件开发过程中改进对个人数据的保护。为此，论文提出了一种对处理个人数据的类和函数进行注释的设计。该设计有两个主要目的：一方面，它为软件开发人员提供记录其意图的手段；另一方面，它提供了自动检测潜在违规行为的工具。这种双重理由有助于遵守《通用数据保护条例》(GDPR) 和其他新兴的数据保护和隐私条例。