Model-based Privacy Analysis in Industrial Ecosystems

A research paper from the University of Koblenz-Landau has been accepted at the ECMFA conference.

Article 25 of Regulation (EU) 2016/679 refers to data protection by design and by default. Privacy and data protection by design implies that IT systems need to be adapted or focused to technically support privacy and data protection.

To this end, it must be verified whether a system supports security and privacy, or whether any change in the design of the system is required. In this paper, a model-based privacy analysis approach is provided to analyze IT systems that provide IT services to service customers. An IT service may rely on different enterprises to process the data that is provided by service customers. Therefore, the approach is modular in the sense that it analyzes the system design of each enterprise individually. The approach is based on the four fundamental privacy elements, namely purpose, visibility, granularity, and retention. We present an implementation of the approach based on the CARiSMA tool.

To evaluate the approach, it is applied to the case studies introduced in the VisiOn project.