On the Systematic Design of Privacy Policies and Privacy Architectures

In this paper, we address the problem of designing privacy policies and privacy architectures systematically. We focus on two relevant aspects of privacy, namely accountability and personal data control. We propose a systematic approach to designing privacy policies that adapts current international data protection regulations, as well as an automated method for generating privacy architectures from the corresponding policies. In particular, we propose a high-level policy language and an architecture language, together with a systematic procedure for mapping policies to the corresponding architectures. We demonstrate the usability of the proposed approach on real-world systems such as Facebook.
