A Privacy-Aware Conceptual Model for Handling Personal Data
Handling personal data adequately is one of the biggest challenges of our era. Consequently, laws and regulations such as the European General Data Protection Regulation (GDPR) are being enacted to address this challenge early on. The core question motivating this work is how software developers can validate their technical design against the prescriptions of privacy legislation. In this paper, we first outline the technical concepts related to privacy that need to be taken into consideration in a software design. Second, we extend a popular design notation, the data flow diagram, so that it can express the privacy concepts introduced in the first step. Third, we show how some of the prescriptions of privacy legislation and standards can be related to a technical design that employs our enriched notation, which facilitates reasoning about compliance.
Keywords: Privacy; Conceptual model; Data flow diagrams
This research has been supported by the Swedish funding agency SSF under the grant DataBIn: Data Driven Secure Business Intelligence.