Model-driven Privacy

Authors: Srdan Krstic (ETH Zurich), Hoang Nguyen (ETH Zurich), David Basin (ETH Zurich)

Volume: 2024
Issue: 1
Pages: 314–329
DOI: https://doi.org/10.56553/popets-2024-0018

Artifact: Reproduced

Download PDF

Abstract: Data protection regulations in many countries require IT systems to implement baseline privacy requirements like purpose limitation and consent as mandated by the GDPR. Such requirements are often specified in the system’s privacy policy and are challenging to implement as system developers must address them consistently and in a cross-cutting manner. Moreover, without a formal connection between a system’s privacy policy and its implementation, the system’s correctness and evolution are extremely difficult to attain. We propose a model-driven development methodology that incorporates privacy policies into the system design. Namely, we define a system’s privacy model, which has precise semantics and is used to specify privacy policies. We provide semantic-preserving model transformations that generate system implementations that enforce the given privacy policies by design. We implement two such model transformations, targeting C# and Python system implementations. We evaluate our methodology on three substantial case studies and show the enforcement of privacy policies related to purpose limitation and consent. Our evaluation also demonstrates our approach’s generality, effectiveness, and modest overhead.

Keywords: model-driven development, privacy, data protection, UML

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.