
Creating Privacy Policies from Data-Flow Diagrams

Conference paper in: Computer Security. ESORICS 2023 International Workshops (ESORICS 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14398)


Abstract

Privacy policies are often used to fulfill the transparency requirement of data protection legislation such as the General Data Protection Regulation of the European Union. A privacy policy describes how the data controller handles the data subject's personal data. These policies are mostly written by hand by domain and legal experts. We propose a tool-supported method that improves the creation of accurate privacy policies by reusing information produced during the development phase of a system. During privacy and security threat analyses, information about system behavior is collected in the form of data-flow diagrams. These diagrams describe which data flows from where to where within the system, and which data flows to which external actors.

From this data-flow information we generate the basic structure of a privacy policy that already contains the data flows. The extracted information is one of the most important parts of a privacy policy, because it provides transparency about which data is transferred to which external parties.
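The following Python script is an added illustration of the idea described above; it is not the authors' tool and does not use their metamodel. It assumes a minimal data-flow diagram model (constructed here) in which every node is the data subject, an internal process, a data store or a third party, and every flow is annotated with the data categories it carries and a purpose. From that model it derives the parts of a privacy-policy skeleton that the abstract singles out: data collected from the subject, data stored, and data transferred to external parties. It also adds two checks a policy author would want: flows without data annotations are flagged rather than silently dropped, and categories sent to a third party that never entered the system from the data subject are surfaced so that their origin has to be documented.

```python
"""Added illustration, not the authors' tool: derive the data-flow part of a
privacy-policy skeleton from a data-flow diagram (DFD).

Model (assumed, not the paper's metamodel): nodes are the data subject,
internal processes, data stores or third parties; each flow carries a set of
data categories and a purpose."""
from collections import defaultdict
from dataclasses import dataclass

NODE_KINDS = {"subject", "process", "store", "third_party"}


@dataclass(frozen=True)
class Node:
    name: str
    kind: str  # one of NODE_KINDS


@dataclass(frozen=True)
class Flow:
    source: str
    target: str
    data: frozenset  # data categories carried, e.g. {"email"}
    purpose: str = ""


def constructed_shop_dfd():
    """Constructed sample of a small web shop; all names are invented."""
    nodes = {n.name: n for n in (
        Node("Customer", "subject"),
        Node("Checkout", "process"),
        Node("Recommendation", "process"),
        Node("Order DB", "store"),
        Node("Parcel Service", "third_party"),
        Node("Analytics Provider", "third_party"),
    )}
    flows = [
        Flow("Customer", "Checkout", frozenset({"name", "address", "email"}), "order fulfilment"),
        Flow("Checkout", "Order DB", frozenset({"name", "address", "email"}), "order fulfilment"),
        Flow("Checkout", "Parcel Service", frozenset({"name", "address"}), "delivery"),
        Flow("Order DB", "Recommendation", frozenset({"email"}), "marketing"),
        Flow("Recommendation", "Analytics Provider",
             frozenset({"email", "purchase_history"}), "marketing"),
        # Left unannotated on purpose: the generator must flag it, not omit it.
        Flow("Recommendation", "Customer", frozenset()),
    ]
    return nodes, flows


def validate(nodes, flows):
    """Problems a policy author must resolve before trusting the skeleton."""
    problems = []
    for n in nodes.values():
        if n.kind not in NODE_KINDS:
            problems.append(f"node {n.name!r}: unknown kind {n.kind!r}")
    for f in flows:
        for end in (f.source, f.target):
            if end not in nodes:
                problems.append(f"flow {f.source}->{f.target}: unknown node {end!r}")
        if not f.data:
            problems.append(f"flow {f.source}->{f.target}: no data categories annotated")
    return problems


def collected_data(nodes, flows):
    """Categories that enter the system directly from the data subject."""
    return {c for f in flows if nodes[f.source].kind == "subject" for c in f.data}


def stored_data(nodes, flows):
    """Data store -> categories written to it."""
    out = defaultdict(set)
    for f in flows:
        if nodes[f.target].kind == "store":
            out[f.target] |= f.data
    return dict(out)


def third_party_transfers(nodes, flows):
    """Recipient -> purpose -> categories; the transparency-critical part."""
    out = defaultdict(lambda: defaultdict(set))
    for f in flows:
        if nodes[f.target].kind == "third_party":
            out[f.target][f.purpose or "UNSPECIFIED"] |= f.data
    return {r: dict(p) for r, p in out.items()}


def unexplained_transfers(nodes, flows):
    """Categories sent to a third party that never arrive from the data subject:
    either derived by the controller or missing from the diagram, so the policy
    must state their origin."""
    collected = collected_data(nodes, flows)
    out = {}
    for recipient, by_purpose in third_party_transfers(nodes, flows).items():
        extra = set().union(*by_purpose.values()) - collected
        if extra:
            out[recipient] = extra
    return out


def policy_skeleton(nodes, flows):
    """Render the skeleton as text lines; TODO markers show what experts fill in."""
    problems = validate(nodes, flows)
    if any("unknown" in p for p in problems):
        raise ValueError("diagram is not well-formed: " + "; ".join(problems))
    lines = ["Data we collect from you: " + ", ".join(sorted(collected_data(nodes, flows)))]
    for store, cats in sorted(stored_data(nodes, flows).items()):
        lines.append(f"Data we store in {store}: {', '.join(sorted(cats))} (retention: TODO)")
    for recipient, by_purpose in sorted(third_party_transfers(nodes, flows).items()):
        for purpose, cats in sorted(by_purpose.items()):
            lines.append(f"Data we transfer to {recipient} for {purpose}: "
                         f"{', '.join(sorted(cats))} (legal basis: TODO)")
    for recipient, cats in sorted(unexplained_transfers(nodes, flows).items()):
        lines.append(f"TODO: document the origin of {', '.join(sorted(cats))} sent to {recipient}")
    for p in problems:
        lines.append(f"TODO: {p}")
    return lines


if __name__ == "__main__":
    print("\n".join(policy_skeleton(*constructed_shop_dfd())))
```

Running the script prints the skeleton for the constructed shop: the three collected categories, the Order DB storage entry, one transfer line per recipient and purpose, a TODO for purchase_history (sent to the analytics provider but never collected from the customer), and a TODO for the unannotated Recommendation to Customer flow. Retention periods and legal bases are deliberately left as TODO markers, since they are not derivable from a data-flow diagram and remain the domain and legal experts' job.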




Acknowledgement

We thank Julien Lukasewycz for his useful input during the development of our approach, as well as in writing this paper. We further thank the reviewers of this paper for their valuable input regarding the paper itself as well as the approach we presented.

Corresponding author

Correspondence to Jens Leicht .


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Leicht, J., Wagner, M., Heisel, M. (2024). Creating Privacy Policies from Data-Flow Diagrams. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14398. Springer, Cham. https://doi.org/10.1007/978-3-031-54204-6_26


  • DOI: https://doi.org/10.1007/978-3-031-54204-6_26


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-54203-9

  • Online ISBN: 978-3-031-54204-6
