Privacy as a Service (PraaS): A Conceptual Model of GDPR to Construct Privacy Services

Conference paper in: Business Modeling and Software Design (BMSD 2021)

Abstract

The General Data Protection Regulation (GDPR) requires transparency about the use of personal data. But what does this transparency mean for an individual? It is the ability of an individual to carry out, in a uniform way, the actions the GDPR grants him or her, from checking how his or her data are used to having the data erased. An individual assumes that these actions are supported by services. This paper proposes such a uniform view under the name “Privacy as a Service”. The contribution of this work is a conceptual model of the GDPR for designing privacy services. The model was built by content coding of key Articles of the GDPR, followed by incremental conceptual modelling and, finally, adoption of the business-generic pattern of a contract. We illustrate how to use the conceptual model with executable protocol models of two privacy services identified from the GDPR. This work contributes to a uniform understanding of privacy by design as “Privacy as a Service”. We discuss the semantic and organizational value of the proposed model.


References

  1. Bartolini, C., Calabró, A., Marchetti, E.: Enhancing business process modelling with data protection compliance: an ontology-based proposal. In: ICISSP, pp. 421–428 (2019)

  2. Blanco-Lainé, G., Sottet, J.-S., Dupuy-Chessa, S.: Using an enterprise architecture model for GDPR compliance principles. In: Gordijn, J., Guédria, W., Proper, H.A. (eds.) PoEM 2019. LNBIP, vol. 369, pp. 199–214. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-35151-9_13

  3. Bonatti, P.A., Kirrane, S., Petrova, I.M., Sauro, L.: Machine understandable policies and GDPR compliance checking. arXiv preprint arXiv:2001.08930 (2020)

  4. Cavoukian, A., et al.: Privacy by design: the 7 foundational principles. Information and Privacy Commissioner of Ontario, Canada, 5 (2009)

  5. GDPR: General Data Protection Regulation. https://gdpr-info.eu

  6. Guarda, P., Ranise, S., Siswantoro, H.: Security analysis and legal compliance checking for the design of privacy-friendly information systems. In: Proceedings of the 22nd ACM Symposium on Access Control Models and Technologies, pp. 247–254 (2017)

  7. Information Commissioner’s Office (ICO): Privacy by Design (PbD). https://ec.europa.eu/eip/ageing/standards/ict-and-communication/data/pbd-privacy-design_en (2020)

  8. Kilov, H.: Business modelling: understandable patterns, practices, and tools. In: Roubtsova, E., McNeile, A., Kindler, E., Gerth, C. (eds.) Behavior Modeling – Foundations and Applications. LNCS, vol. 6368, pp. 3–27. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21912-7_1

  9. Koops, B.J., Leenes, R.: Privacy regulation cannot be hardcoded. A critical comment on the ‘privacy by design’ provision in data-protection law. Int. Rev. Law Comput. Technol. 28(2), 159–171 (2014)

  10. McNeile, A., Roubtsova, E.: CSP parallel composition of aspect models. In: Proceedings of the 2008 AOSD Workshop on Aspect-Oriented Modeling, pp. 13–18 (2008)

  11. McNeile, A., Roubtsova, E.: Aspect-oriented development using protocol modeling. In: Katz, S., Mezini, M., Kienzle, J. (eds.) Transactions on Aspect-Oriented Software Development VII. LNCS, vol. 6210, pp. 115–150. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16086-8_4

  12. McNeile, A., Simons, N.: http://www.metamaxim.com/

  13. Miller, G.A.: The magical number seven, plus or minus two: some limits on our capacity for processing information. Psychol. Rev. 63(2), 81 (1956)

  14. Palmirani, M., Martoni, M., Rossi, A., Bartolini, C., Robaldo, L.: PrOnto: privacy ontology for legal reasoning. In: Kő, A., Francesconi, E. (eds.) EGOVIS 2018. LNCS, vol. 11032, pp. 139–152. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98349-3_11

  15. Protocol Modelling: Models. https://newprotocolmodelling.weebly.com/models.html (2020)

  16. Reisig, W., Bretschneider, J., Fahland, D., Lohmann, N., Massuthe, P., Stahl, C.: Services as a paradigm of computation. In: Formal Methods and Hybrid Real-Time Systems, pp. 521–538. Springer (2007)

  17. Robaldo, L., Sun, X.: Reified input/output logic: combining input/output logic and reification to represent norms coming from existing legislation. J. Logic Comput. 27(8), 2471–2503 (2017)

  18. Romansky, R., Kirilov, K.: Architectural design and modelling of a web based application for GDPR clarification. In: AIP Conference Proceedings, vol. 2048, p. 060006. AIP Publishing LLC (2018)

  19. Roubtsova, E.: Goal modeling for interaction. In: Interactive Modeling and Simulation in Business System Design. SFMA, pp. 47–60. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-15102-1_3

  20. Schaar, P.: Privacy by design. Identity Inf. Soc. 3(2), 267–274 (2010)

  21. Solove, D.J.: A taxonomy of privacy. U. Pa. L. Rev. 154, 477 (2005)

  22. Sweeney, L.: k-anonymity: a model for protecting privacy. Int. J. Uncertainty Fuzziness Knowl.-Based Syst. 10(05), 557–570 (2002)

  23. TermsFeed: What activities count as processing under the GDPR? https://www.termsfeed.com/blog/gdpr-processing-activities/ (2020)

  24. The Open Group: ArchiMate 3.1 Specification (2012–2019)

  25. Tom, J., Sing, E., Matulevičius, R.: Conceptual representation of the GDPR: model and application directions. In: Zdravkovic, J., Grabis, J., Nurcan, S., Stirna, J. (eds.) BIR 2018. LNBIP, vol. 330, pp. 18–28. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99951-7_2

  26. Voigt, P., von dem Bussche, A.: The EU General Data Protection Regulation (GDPR). A Practical Guide. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-57959-7

Author information

Corresponding author: Ella Roubtsova.

Appendices

A Appendix. Coding of the GDPR articles

Each entry below gives the GDPR article (paragraph), the cited text, the concepts extracted from it, and the relations between those concepts.

Article 12 Transparency of information [1], p. 1, 2, 3

Citation: 1. “The controller shall take appropriate measures to provide any information referred to in Art. 13, 14, 15–22 and 34 ... relating to processing to the data subject ... in writing, or by other means, including, where appropriate, by electronic means.” “When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.” 2. “The controller shall not refuse to act on the request of the data subject for exercising his or her rights.” 3. “The controller shall provide information on action taken on a request ... to the data subject without undue delay and in any event within one month of receipt of the request.”

Concepts: Controller (C), Data Subject (DS), Request (R), Information provided to DS about data processing

Relations: C takes measures and provides DS written, electronic or oral information about data processing. DS can request information about data processing from C. C answers any request initiated by DS within one month of the request. Aspect: Timeliness of a response to a request of a DS

Article 12, p. 3

Citation: 3. “That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.”

Concepts: Controller (C), Data Subject (DS)

Relations: C informs DS, within one month, about an extension of the response period and the reasons for it. Aspect: Timeliness of a response to a request of a DS

Article 12, p. 4

Citation: 4. “the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.”

Concepts: C, DS, Supervisory Authority (SA)

Relations: C informs DS about not taking action and about the possibility of lodging a complaint with an SA

Article 12, p. 5

Citation: 5. “Information ... shall be provided free of charge”. “Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either: charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request.” “The controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.”

Concepts: C, DS

Relations: Aspect: Costs of repeated requests: C charges DS a fee; or C sends DS a refusal to act, with an explanation

Article 12, p. 6

Citation: 6. “the controller may request the provision of additional information necessary to confirm the identity of the data subject.”

Concepts: C, DS

Relations: C asks DS to provide identity information; DS provides identity information to C

Article 13, p. 1, 2

Citation: 1. “Where personal data relating to a data subject are collected from the data subject, the controller shall, ... provide the data subject with all of the following information: the identity and the contact details of the controller and, where applicable, of the controller’s representative; the contact details of the data protection officer, where applicable; the purposes of the processing for which the personal data are intended as well as the legal basis for the processing; ... the recipients or categories of recipients of the personal data, if any; where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation ...” 2. “the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period; the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;” “... the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; the right to lodge a complaint with a supervisory authority; whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data; ...”

Concepts: Personal Data, Information Collection, Recipient of personal data, Supervisory Authority

Relations: Information Collection contains the following attributes: DS; contact details of the Controller and of the data protection officer; purpose of personal data processing; recipients of personal data; international recipients; period of data storage; existence of DS rights to 1. access, 2. restrict, 3. erase, 4. make portable, 5. complain to a supervisory authority

Article 13, p. 3

Citation: “Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information ...”

Concepts: C, DS, Personal Data

Relations: Aspect: Purpose change: if the purpose of personal data processing changes, C informs DS before the further processing

Article 14

Citation: “Where personal data have not been obtained from the data subject, the controller shall provide the data subject with” the elements of a list similar to Article 13 p. 1, 2. The new elements are “the source from which the personal data originate” and “the existence of automated decision-making, including profiling”.

Concepts: Personal Data, Source from which the personal data originate, Information Collection

Relations: C informs DS about all attributes of the Information Collection when the data of DS have been obtained from another source

Article 15–22

Citation: Rights of DS: Access, Rectify, Erase, Restrict, Be notified, Make personal data portable, Object, Complain, Give permission for automated decision making and profiling

Concepts: DS

Relations: Rights may demand potential services

Article 23

Citation: “Union or Member State law to which the data controller or processor is subject may restrict by way of a legislative measure the scope of the obligations and rights ..., when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard: national security; defence; public security”

Concepts: Union or Member State law

Relations: Aspect: Restriction of rights and access to services

Art. 26

Citation: “In a controller-processor relationship, the latter is only allowed to process personal data based on the documented instructions from the controller.”

Concepts: C, Processor (P)

Relations: C instructs P

Art. 28

Citation: “Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing”

Concepts: C, Processor (P)

Relations: C and P are bound by a contract or an act

B Appendix. Protocol Model of the Services Obtain Consent and Erase Data

(Figures a, b and c: protocol models of the services Obtain Consent and Erase Data; the images are not included here.)

Copyright information

© 2021 Springer Nature Switzerland AG

Cite this paper

Roubtsova, E., Bosua, R. (2021). Privacy as a Service (PraaS): A Conceptual Model of GDPR to Construct Privacy Services. In: Shishkov, B. (eds) Business Modeling and Software Design. BMSD 2021. Lecture Notes in Business Information Processing, vol 422. Springer, Cham. https://doi.org/10.1007/978-3-030-79976-2_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-79975-5

  • Online ISBN: 978-3-030-79976-2
