Requirements Engineering

, Volume 24, Issue 1, pp 1–26 | Cite as

RSL-IL4Privacy: a domain-specific language for the rigorous specification of privacy policies

  • João CaramujoEmail author
  • Alberto Rodrigues da Silva
  • Shaghayegh Monfared
  • André Ribeiro
  • Pável Calado
  • Travis Breaux
Original Article


Mobile and web applications that manage users’ personal information require developers to align their software design with privacy requirements commonly described in privacy policies. These policies are often the sole means to enforce accountability on that data protection. We propose the RSL-IL4Privacy, a domain-specific language for specifying privacy policies that can be simultaneously manipulated by computers and authored and analyzed by humans. In addition, RSL-IL4Privacy can be used as an intermediate language to support model-to-model transformations from and into other related languages. RSL-IL4Privacy provides policy authors with means to define a privacy policy as a set of declarative statements with explicit relationships to services, data recipients, private data types and enforcement mechanisms. The RSL-IL4Privacy is defined with different technologies for supporting distinct levels of formality, namely support for multiple modes of presenting privacy requirements, including tabular, graphical and textual representations, to increase integration with a wider variety of authoring and analyzing practices. We apply this language to support the analysis and comparison of policies from Facebook, LinkedIn, Twitter, Dropbox and IMDb. We discuss with further detail the application of this approach to the Twitter policy by presenting several examples with multiple representations. Finally, we discuss how RSL-IL4Privacy can improve the quality of privacy policies and also identifies threats to validity.


Privacy policy Privacy requirement Domain-specific language RSL-IL4Privacy Eddy 



This work was partially supported by national funds under FCT projects UID/CEC/50021/2013, EXCL/EEI-ESS/0257/2012, CMUP-EPB/TIC/0053/2013 and the project TT-MDD-Mindbury/2014.


  1. 1.
    Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (2016). Accessed 14 Nov 2018
  2. 2.
    United States Department of Health and Human Service (2006) HIPAA administrative simplification: enforcement. Fed Regist/Rules Regul 71(32):2006. Accessed 14 Nov 2018
  3. 3.
    Government of Canadá (2018) Personal information protection and electronic documents act (PIPEDA). last updated in 2018.
  4. 4.
    Pohl K (2010) Requirements engineering: fundamentals, principles and techniques. Springer, New YorkCrossRefGoogle Scholar
  5. 5.
    Kovitz B (1998) Practical software requirements: manual of content and style, Manning 1998Google Scholar
  6. 6.
    Deng M, Wuyts K, Scandariato R, Preneel B, Joosen W (2011) A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir Eng 16(1):3–32CrossRefGoogle Scholar
  7. 7.
  8. 8.
    Caramujo J, Silva AR (2015) Analyzing privacy policies based on a privacy-aware profile: the Facebook and LinkedIn case studies. In: IEEE 17th conference on business informatics (CBI), July 2015Google Scholar
  9. 9.
    Silva AR, Caramujo J, Monfared S, Calado P, Breaux T (2016) Improving the specification and analysis of privacy policies: the RSLingo4Privacy approach. In: International conference on enterprise information systems, SCITEPRESSGoogle Scholar
  10. 10.
    Bettini L (2013) Implementing domain-specific languages with Xtext and Xtend. Packt Publishing Ltd, BirminghamGoogle Scholar
  11. 11.
    Breaux TD, Hibshi H, Rao A (2014) Eddy, a formal language for specifying and analyzing data flow specifications for conflicting privacy requirements. Requir Eng 19(3):281–307CrossRefGoogle Scholar
  12. 12.
    Van Deursen A, Klint P, Visser J (2000) Domain-specific languages: an annotated bibliography. ACM SIGPLAN Notices 35(6):26–36CrossRefGoogle Scholar
  13. 13.
    da Silva AR (2015) Model-driven engineering: a survey supported by a unified conceptual model. Comput Lang Syst Struct 43:139–155Google Scholar
  14. 14.
    Meyer J-J (1993) Deontic logic: a concise overview, deontic logic in computer science: normative system specification. Wiley, HobokenzbMATHGoogle Scholar
  15. 15.
    Horkoff J, Aydemir FB, Cardoso E, Li T, Maté A, Paja E, Salnitri M, Piras L, Mylopoulos J, Giorgini P (2017) Goal-oriented requirements engineering: an extended systematic mapping study, requirements engineering. Springer, New York, pp 1–28Google Scholar
  16. 16.
    Ribeiro A, Silva AR (2017) RSLingo4Privacy studio: a tool to improve the specification and analysis of privacy policies. In: International conference on enterprise information systems, SCITEPRESSGoogle Scholar
  17. 17.
    Baader F (2003) The description logic handbook: theory, implementantion and applications. Cambridge University Press, CambridgeGoogle Scholar
  18. 18.
    Han W, Lei C (2012) A survey on policy languages in network and security management. Comput Netw 56(1):477–489CrossRefGoogle Scholar
  19. 19.
    Anthonysamy P, Rashid A, Chitchyan R (2017) Privacy requirements: present and future. In: Proceedings of the 39th international conference on software engineering, IEEE PressGoogle Scholar
  20. 20.
    Kapitsaki G, Venieris I (2008) PCP: privacy-aware context profile towards context-aware application development. In: 10th international conference on information integration and web-based applications & services. pp 104–110Google Scholar
  21. 21.
    L. Kagal, T. Finin and A. Joshi, “A policy language for a pervasive computing environment”, 4th IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 63—74, June 2003Google Scholar
  22. 22.
    Karat J, Karat CM, Brodie C, Feng J (2005) Designing natural language and structured entry methods for privacy policy authoring. In: Human–Computer Interaction—INTERACT. Springer, pp 671-684Google Scholar
  23. 23.
    W3C, The platform for privacy preferences (P3P) project: Accessed 14 Nov 2018
  24. 24.
    eXtensible Access Control Markup Language (XACML) Version 3.0. 22 January 2013. OASIS StandardGoogle Scholar
  25. 25.
    Enterprise Policy Authorization Language 1.2 (EPAL) Specification, W3C. Accessed 14 Nov 2018
  26. 26.
    P3P Preference Exchange Language 1.0 (APPEL) Specification, W3C, Accessed 14 Nov 2018
  27. 27.
    Cranor LF (2003) P3P: making privacy policies more useful. IEEE Secur Priv 6:50–55CrossRefGoogle Scholar
  28. 28.
    Backes M, Pfitzmann B, Schunter M (2003) A toolkit for managing enterprise privacy policies, In: European symposium on research in computer security. SpringerGoogle Scholar
  29. 29.
    Brodie CA, Karat C-M, Karat J (2006) An empirical study of natural language parsing of privacy policy rules using the SPARCLE policy workbench. In: Proceedings of the second symposium on Usable privacy and security. ACMGoogle Scholar
  30. 30.
    W3C, P3P 1.0 Implementations. Accessed 14 Nov 2018
  31. 31.
    Uszok A, Bradshaw J, Jeffers R, Suri N, Hayes P, Breedy M, Bunch L, Johnson M, Kulkarni S, Lott J (2003) KAoS policy and domain services: toward a description-logic approach to policy representation, deconfliction, and enforcement. In: 4th IEEE international workshop on policies for distributed systems and networks, pp 93–96Google Scholar
  32. 32.
    Paja E, Dalpiaz F, Giorgini P (2015) Modeling and reasoning about security requirements in socio-technical systems. Data Knowl Eng 98:123–143CrossRefGoogle Scholar
  33. 33.
    W3C (2011) Notation3 (N3): a readable RDF syntax. Accessed 14 Nov 2018
  34. 34.
    Shah AB (2005) An integrated development environment for policies. Master Thesis. University of BaltimoreGoogle Scholar
  35. 35.
    Dalpiaz F, Paja E, Giorgini P (2016) Security requirements engineering: designing secure socio-technical systems. MIT Press, CambridgeGoogle Scholar
  36. 36.
    Wishart R, Corapi D, Marinovic S, Sloman M (2010) Collaborative privacy policy authoring in a social networking context. In: Proceedings of the policy symposium. IEEE, pp 1–8Google Scholar
  37. 37.
    Winkler S, Zeadally S (2016) Privacy policy analysis of popular web platforms. IEEETechnology and Society Magazine 35(2):75–85CrossRefGoogle Scholar
  38. 38.
    Gharib M, Giorgini P, Mylopoulos J (2017) Towards an ontology for privacy requirements via a systematic literature review. In: International conference on conceptual modeling. SpringerGoogle Scholar
  39. 39.
    Mouratidis H, Giorgini P (2007) Secure tropos: a security-oriented extension of the tropos methodology. Int J Software Eng Knowl Eng 17(02):285–309CrossRefGoogle Scholar
  40. 40.
    Moore B, Ellesson E, Strassner J, Westerinen A (2001) Policy core information 1.0 specification, RFC 3060. Accessed 14 Nov 2018
  41. 41.
    Nadas A, Levendovszky T, Jackson EK, Madari I, Sztipanovits J (2014) A model-integrated authoring environment for privacy policies. Sci Comput Program. 89(Part B):105–125CrossRefGoogle Scholar
  42. 42.
    Breaux T, Anton A (2008) Analyzing regulatory rules for privacy and security requirements. IEEE Trans Softw Eng 34:5–20CrossRefGoogle Scholar
  43. 43.
    Young J (2011) Commitment analysis to operationalize software requirements from privacy policies”. Requir Eng 16:33–46CrossRefGoogle Scholar
  44. 44.
    Nissenbaum H (2004) Privacy as contextual integrity. Wash L Rev 79:119Google Scholar
  45. 45.
    Solove DJ (2006) A taxonomy of privacy. Univ Pa Law Rev 154:477CrossRefGoogle Scholar
  46. 46.
    Massey A, Otto P, Hayward L, Anton A (2010) Evaluating existing security and privacy requirements for legal compliance. In: Proceedings of the REGoogle Scholar
  47. 47.
    Anton AI, Bertino E, Li N, Yu T (2007) A roadmap for comprehensive online privacy policy management. Commun ACM 50:109–116CrossRefGoogle Scholar
  48. 48.
    Barth A, Datta A, Mitchell JC, Nissenbaum H (2006) Privacy and contextual integrity: framework and applications. In: Proceedings 2006 IEEE symposium on security and privacyGoogle Scholar
  49. 49.
    Cleland-Huang J, Czauderna A, Gibiec M, Emenecker J (2010) A machine learning approach for tracing regulatory codes to product specific requirements. In: ICSEGoogle Scholar
  50. 50.
    Gervasi V, Zowghi D (2005) Reasoning about inconsistencies in natural language requirements. ACM Trans Softw Eng Methodol 14:277–330CrossRefGoogle Scholar
  51. 51.
    Guha A, Fredrikson M, Livshits B, Swamy N (2011) Verified security for browser extensions. In: 2011 IEEE symposium on security and privacyGoogle Scholar
  52. 52.
    Johnson ML, Egelman S, Bellovin SM (2012) Facebook and privacy: it’s complicated. In: SOUPSGoogle Scholar
  53. 53.
    Gurses S, Rizk R, Gunther O (2008) Privacy design in online social networks: learning from privacy breaches and community feedback. In: ICIS 2008 proceedings. ACMGoogle Scholar
  54. 54.
    Bonneau J, Preibusch S (2010) The privacy jungle: on the market for data protection in social networks. In: Economics of information security and privacy. SpringerGoogle Scholar
  55. 55.
    Acquisti A, Gross R (2006) Imagined communities: awareness, information sharing, and privacy on the facebook. In: Privacy enhancing technologies. SpringerGoogle Scholar
  56. 56.
    Drgon M, Magnuson G, Sabo J (eds) (2016) Privacy management reference model and methodology (PMRM) version 1.0. OASIS. Accessed 14 Nov 2018
  57. 57.
    Diamantopoulou V, Pavlidis M, Mouratidis H (2017) Privacy level agreements for public administration information systems. In: CAiSE 2017 forum and doctoral consortium papersGoogle Scholar
  58. 58.
    Kalloniatis C, Kavakli E, Gritzalis S (2008) Addressing privacy requirements in system design: the PriS method. Requir Eng 13(3):241–255CrossRefGoogle Scholar
  59. 59.
    Nurse JR, Atamli A, Martin A (2016) Towards a usable framework for modelling security and privacy risks in the smart home. In: International conference on human aspects of information security, privacy, and trust. Springer, pp 255–267Google Scholar
  60. 60.
    Bhatia J, Breaux T, Schaub F (2016) Privacy goal mining through hybridized task re-composition. ACM Trans Soft Eng Method 25:22Google Scholar
  61. 61.
    Gonçalves L, Silva AR (2018) Towards a catalogue of reusable security requirements, vulnerabilities and threats. In: Designing digitalization (ISD2018 Proceedings). ISBN:978-91-7753-876-9. Accessed 14 Nov 2018

Copyright information

© Springer-Verlag London Ltd., part of Springer Nature 2018

Authors and Affiliations

  1. 1.INESC-ID, Instituto Superior TécnicoUniversidade de LisboaLisbonPortugal
  2. 2.Institute for Software ResearchCarnegie Mellon UniversityPittsburghUSA

Personalised recommendations