Browse Prior Art Database

Method for Automatically Deriving the Privacy Policy for a Service from a Set of Process Models Disclosure Number: IPCOM000245320D
Publication Date: 2016-Feb-29
Document File: 6 page(s) / 218K

Publishing Venue

The Prior Art Database


We present a method to semi-automatically derive the privacy policy of a given model. Our method takes into account existing constraints such as local law, best practices and the like. The derived policy can be used for further processing and the announcement of privacy policies to users.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 23% of the total text.

Page 01 of 6

Method for Automatically Deriving the Privacy Policy for a Service from a Set of Process Models

Many of today's services require business processes to be executed. They normally need to process personal data of the customers. Business processes of this kind are often composed processes, where the components may be executed by different parties, particularly also external service providers with services increasingly provisioned through cloud-based mechanisms. The service provider needs to, in its legal role of being a data controller, announce a privacy policy specifying how the processed personal data must be handled by itself and its affiliates . In today's business process design practice, the privacy policy is drafted manually for a service or collection of services and agreements are put in place with affiliate companies to handle the data they receive in accordance with this privacy policy. We propose a method for (semi-)automatically deriving the privacy policy for a composed service or a set of such from the business process models specifying those services. This approach outperforms today's approach in that the policy

is automatically derived based on the requirements of and utilizing

the information from the formal specification of the processes and data flows. This leads to a reduction of the effort of defining the privacy policy and decreases the likelihood of introducing errors in the privacy policy resulting in non-compliance with data protection legislation and the resulting fines, especially if external requirements, e.g., from the legal side, need to be incorporated. Existing work falls short in at least one of these aspects.

Scheme: Every task T either is atomic, or consists of n sub-tasks. Each sub-task Ti either consist of sub-tasks themselves or is atomic. Every (sub-)task has at least one associated edge, i.e., a channel, which either inputs data to the task or a channel which outputs data from the task to other tasks. A special task is a database, which serves as either a sink for data or a source of data. For convenience we require that each database must have an associated privacy policy for each data stored. Each task thus receives some input data, processes it, and outputs some data to other tasks. Each task also has an attached auxiliary policy, which essentially imposes privacy requirements on the tasks, e.g., requirements derived from legislation, functional requirements, best-practices and/or company policies.

Idea: Consider that a user wants to order a ticket for flight from Zurich to New York City using a flight booking portal, and has already figured out which flight it wants to take. The task is therefore that the flight booking portal has to provide the aviation carrier the information it requires, and the data it requires by itself. For example, the payment data needs to be stored by the flight booking portal due to frequent tax checks. Moreover, assume that due to legislation, the passenger na...