Abstract
Handling personal data adequately is one of the biggest challenges of our era. Consequently, laws and regulations are being released, such as the European General Data Protection Regulation (GDPR), which attempt to deal with this challenging issue early on. The core question motivating this work is how software developers can validate their technical design vis-à-vis the prescriptions of the privacy legislation. In this paper, we first outline the technical concepts related to privacy that need to be taken into consideration in a software design. Second, we extend a popular design notation in order to support the privacy concepts identified in the first step. Third, we show how some of the prescriptions of the privacy legislation and standards may be related to a technical design that employs our enriched notation, which would facilitate reasoning about compliance.
Notes
- 1.
See the “Building Security in Maturity Model” (https://www.bsimm.com/).
- 2.
Law makers use techniques such as legal drafting, which comprises a set of techniques and patterns to improve the consistency and clarity of laws. However, these are better regarded as best practices than as full-fledged analysis tools.
- 3.
- 4.
Many dependency analyses rely on syntactic dependence, which is weak from a security standpoint but reasonable for debugging, where the designer is assumed to face no deliberate attack.
- 5.
European Union Agency for Network and Information Security.
Acknowledgements
This research has been supported by the Swedish funding agency SSF under the grant DataBIn: Data Driven Secure Business Intelligence.
© 2016 Springer International Publishing AG
Antignac, T., Scandariato, R., Schneider, G. (2016). A Privacy-Aware Conceptual Model for Handling Personal Data. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques. ISoLA 2016. Lecture Notes in Computer Science(), vol 9952. Springer, Cham. https://doi.org/10.1007/978-3-319-47166-2_65
DOI: https://doi.org/10.1007/978-3-319-47166-2_65
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47165-5
Online ISBN: 978-3-319-47166-2
eBook Packages: Computer Science (R0)