The University of Koblenz-Landau and the Fraunhofer-Institute have published a paper on Supporting Model-based Privacy Analysis.
Short description of the paper:
In this paper, a metamodel for Privacy Level Agreements (PLAs) is provided. Security and privacy are increasing concerns for both IT service customers and providers.
According to the Cloud Security Alliance (CSA), privacy level agreements (PLAs) are intended to be used as appendixes to service level agreements and are likely to become an industry-standardized way for cloud service providers to describe the level of privacy and data protection.
The paper introduces an approach that exploits PLAs to verify whether a service provider's system design supports the service customer's privacy and security preferences. In the first step, the PLAs are formalized in the form of a metamodel. This metamodel is based on the PLA outline provided by CSA, which is originally based on Directive 95/46/EC. The research first investigates whether the PLA outline needs to be adapted to Regulation 2016/679 (which repeals Directive 95/46/EC) on the protection of natural persons with respect to the processing of personal data. Afterwards, it describes how the PLAs are used to support model-based privacy and security analyses.
The full version of the article is available at this link.