A Privacy-Aware Conceptual Model for Handling Personal Data

Handling personal data adequately is one of the biggest challenges of our era. Consequently, laws and regulations such as the European General Data Protection Regulation (GDPR) are being enacted that attempt to address this challenge early on. The core question motivating this work is how software developers can validate their technical design against the prescriptions of privacy legislation. In this paper, we first outline the technical concepts related to privacy that need to be taken into consideration in a software design. Second, we extend a popular design notation so that it can express the privacy concepts identified in the first step. Third, we show how some of the prescriptions of privacy legislation and standards can be related to a technical design expressed in our enriched notation, which facilitates reasoning about compliance.