Supporting privacy impact assessment by model-based privacy analysis

According to Article 35 of the General Data Protection Regulation (GDPR), data controllers are obligated to conduct a privacy impact assessment (PIA) to ensure the protection of sensitive data. Failure to properly protect sensitive data may affect data subjects negatively and damage the reputation of data processors. Existing PIA approaches are difficult to carry out in practice, since they are mainly abstract or imprecise. Moreover, they lack a methodology for conducting the assessment with respect to the design of IT systems. We propose a novel methodology to support PIA by performing model-based privacy and security analyses in the early phases of system development. In our methodology, the design of a system is analyzed and, where necessary, appropriate security and privacy controls are suggested to improve the design. Hence, this methodology facilitates privacy by design as prescribed in Article 25 of the GDPR. We evaluated our methodology based on three industrial case studies and a quality-based comparison to the state of the art.
