COPri - A Core Ontology for Privacy Requirements Engineering

  • Conference paper
Research Challenges in Information Science (RCIS 2020)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 385)

Abstract

In their daily practice, most enterprises collect, store, and manage personal information for customers in order to deliver their services. In such a setting, privacy has emerged as a key concern as companies often neglect or even misuse personal data. In response to this, governments around the world have enacted laws and regulations for privacy protection. These laws dictate privacy requirements for any system that acquires and manages personal data. Unfortunately, these requirements are often incomplete and/or inaccurate as many RE practitioners might be unsure of what exactly privacy requirements are and how they differ from other requirements, such as security. To tackle this problem, we developed a comprehensive ontology for privacy requirements. To make it comprehensive, we base our ontology on a systematic review of the literature on privacy requirements. The contributions of this work include the derivation of an ontology from a previously conducted systematic literature review, an implementation using an ontology definition tool (Protégé), a demonstration of its coverage through an extensive example on Ambient Assisted Living, and a validation through a competence questionnaire answered by lexical semantics experts as well as privacy and security researchers.

Notes

  1. A detailed version of the systematic literature review can be found at [14].

  2. The ontology has been extended with Collect and Describes to capture situations when information describing some activities performed by a data subject (personal information) is being collected by others.

  3. We treat “information owner” and “data subject” as synonyms.

  4. The right to erasure (right to be forgotten) is essential in several privacy laws, yet we did not consider it since the use of information is limited to a specific, explicit, legitimate purpose (a goal), i.e., information will not be kept after achieving the goal.

  5. The COPri ontology is available in OWL format at https://goo.gl/AaqUxx.

  6. http://protege.stanford.edu/.

  7. Note that the main focus of the CQs is privacy requirements, not goal analysis.

  8. If an actor is not playing any role, it will be impossible to authenticate it.

  9. http://www.hermit-reasoner.com/.

  10. http://oops.linkeddata.es/index.jsp.

  11. Evaluation with OOPS! has been performed after evaluating the ontology with Protégé & HermiT, i.e., several pitfalls have been already detected and corrected.

  12. The expert evaluation template can be found at https://goo.gl/ZEhLnN.

  13. The survey template can be found at https://goo.gl/bro8nG.

References

  1. General Data Protection Regulation: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, and repealing Directive 95/46. Official J. Eur. Union (OJ) 59, 1–88 (2016)

  2. Gharib, M., et al.: Privacy requirements: findings and lessons learned in developing a privacy platform. In: Proceedings - 24th International Requirements Engineering Conference, RE, pp. 256–265. IEEE (2016)

  3. Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requir. Eng. 13(3), 241–255 (2008). https://doi.org/10.1007/s00766-008-0067-3

  4. Labda, W., Mehandjiev, N., Sampaio, P.: Modeling of privacy-aware business processes in BPMN to protect personal data. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 1399–1405. ACM (2014)

  5. Gharib, M., Giorgini, P., Mylopoulos, J.: Towards an ontology for privacy requirements via a systematic literature review. In: Mayr, H.C., Guizzardi, G., Ma, H., Pastor, O. (eds.) ER 2017. LNCS, vol. 10650, pp. 193–208. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69904-2_16

  6. Solove, D.J.: A taxonomy of privacy. Univ. PA Law Rev. 154(3), 477 (2006)

  7. Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management, pp. 1–98. Dresden University (2010)

  8. Krasnova, H., Spiekermann, S., Koroleva, K., Hildebrand, T.: Online social networks: why we disclose. J. Inf. Technol. 25(2), 109–125 (2010)

  9. Awad, K.: The personalization privacy paradox: an empirical evaluation of information transparency and the willingness to be profiled online for personalization. MIS Q. 30(1), 13 (2006)

  10. Souag, A., Salinesi, C., Mazo, R., Comyn-Wattiau, I.: A security ontology for security requirements elicitation. In: Piessens, F., Caballero, J., Bielova, N. (eds.) ESSoS 2015. LNCS, vol. 8978, pp. 157–177. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-15618-7_13

  11. Uschold, M.: Building ontologies: towards a unified methodology. In: Proceedings Expert Systems 1996, The 16th Annual Conference of the British Computer Society Specialist Group on Expert Systems, pp. 1–18 (1996)

  12. Fernández-López, M., Gómez-Pérez, A., Juristo, N.: Methontology: from ontological art towards ontological engineering. In: AAAI-97 Spring Symposium Series SS-97-06, pp. 33–40 (1997)

  13. Dong, H., Hussain, F.K., Chang, E.: Application of Protégé and SPARQL in the field of project knowledge management. In: Second International Conference on Systems and Networks Communications, ICSNC 2007 (2007)

  14. Gharib, M., Giorgini, P., Mylopoulos, J.: Ontologies for privacy requirements engineering: a systematic literature review. preprint arXiv:1611.10097 (2016)

  15. Dritsas, S., et al.: A knowledge-based approach to security requirements for e-health applications. J. E-Commer. Tools Appl. 2, 1–24 (2006)

  16. Turn, R.: Classification of personal information for privacy protection purposes, p. 301 (1976)

  17. Gharib, M., Giorgini, P.: Modeling and reasoning about information quality requirements. In: Fricker, S.A., Schneider, K. (eds.) REFSQ 2015. LNCS, vol. 9013, pp. 49–64. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16101-3_4

  18. Gharib, M., Giorgini, P.: Analyzing trust requirements in socio-technical systems: a belief-based approach. In: Ralyté, J., España, S., Pastor, Ó. (eds.) PoEM 2015. LNBIP, vol. 235, pp. 254–270. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-25897-3_17

  19. Mayer, N.: Model-based management of information system security risk. Ph.D. thesis, University of Namur (2009)

  20. Mouratidis, H., Giorgini, P.: Secure Tropos: a security-oriented extension of the Tropos methodology. J. Softw. Eng. Knowl. Eng. 17(2), 285–309 (2007)

  21. Gharib, M., Lollini, P., Bondavalli, A.: A conceptual model for analyzing information quality in System-of-Systems. In: 12th System of Systems Engineering Conference, SoSE 2017, pp. 1–6. IEEE (2017)

  22. Gharib, M., Mylopoulos, J.: A Core Ontology for Privacy Requirements Engineering. preprint arXiv:1811.12621 (2018)

  23. Poveda, M., Suárez-Figueroa, M.C., Gómez-Pérez, A.: A double classification of common pitfalls in ontologies. In: OntoQual 2010 - Workshop on Ontology Quality. CEUR Workshop Proceedings, Lisbon, Portugal, pp. 1–12 (2010). ISSN 1613-0073

  24. Palmirani, M., Martoni, M., Rossi, A., Bartolini, C., Robaldo, L.: PrOnto: privacy ontology for legal reasoning. In: Kő, A., Francesconi, E. (eds.) EGOVIS 2018. LNCS, vol. 11032, pp. 139–152. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98349-3_11

  25. Oltramari, A., et al.: PrivOnto: a semantic framework for the analysis of privacy policies. Semant. Web 9(2), 185–203 (2018)

Corresponding author

Correspondence to Mohamad Gharib.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Gharib, M., Mylopoulos, J., Giorgini, P. (2020). COPri - A Core Ontology for Privacy Requirements Engineering. In: Dalpiaz, F., Zdravkovic, J., Loucopoulos, P. (eds) Research Challenges in Information Science. RCIS 2020. Lecture Notes in Business Information Processing, vol 385. Springer, Cham. https://doi.org/10.1007/978-3-030-50316-1_28

  • DOI: https://doi.org/10.1007/978-3-030-50316-1_28

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-50315-4

  • Online ISBN: 978-3-030-50316-1

  • eBook Packages: Computer Science, Computer Science (R0)
