A Privacy-Aware Conceptual Model for Handling Personal Data

  • Conference paper
Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques (ISoLA 2016)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 9952))

Abstract

Handling personal data adequately is one of the biggest challenges of our era. Consequently, laws and regulations such as the European General Data Protection Regulation (GDPR) are in the process of being released, which attempt to deal with this challenging issue early on. The core question motivating this work is how software developers can validate their technical design vis-à-vis the prescriptions of the privacy legislation. First, we outline the technical concepts related to privacy that need to be taken into consideration in a software design. Second, we extend a popular design notation in order to support the privacy concepts identified in the first step. Third, we show how some of the prescriptions of the privacy legislation and standards may be related to a technical design that employs our enriched notation, which would facilitate reasoning about compliance.

Notes

  1. See the “Building Security in Maturity Model” (https://www.bsimm.com/).

  2. Law makers use techniques such as legal drafting, which comprises a set of techniques and patterns to improve the consistency and clarity of laws. However, these should be regarded as best practices rather than as full-fledged analysis tools.

  3. https://www.media.volvocars.com/global/en-gb/media/videos/159534/slippery-road-alert-technology-by-volvo-cars5.

  4. Many dependency analyses rely on syntactic dependence, which is weak from a security standpoint but reasonable for debugging, where the designer is supported under the assumption that there is no deliberate attack.

  5. European Union Agency for Network and Information Security.

Acknowledgements

This research has been supported by the Swedish funding agency SSF under the grant DataBIn: Data Driven Secure Business Intelligence.

Author information

Corresponding author: Thibaud Antignac.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Antignac, T., Scandariato, R., Schneider, G. (2016). A Privacy-Aware Conceptual Model for Handling Personal Data. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques. ISoLA 2016. Lecture Notes in Computer Science(), vol 9952. Springer, Cham. https://doi.org/10.1007/978-3-319-47166-2_65

  • DOI: https://doi.org/10.1007/978-3-319-47166-2_65

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47165-5

  • Online ISBN: 978-3-319-47166-2

  • eBook Packages: Computer Science (R0)
