Run-Time Monitoring of Data-Handling Violations

  • Jassim HappaEmail author
  • Nick Moffat
  • Michael Goldsmith
  • Sadie Creese
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11387)


Organisations are coming under increasing pressure to respect and protect personal data privacy, especially with the European Union’s General Data Protection Regulation (GDPR) now in effect. As legislation and regulation evolve to incentivise such data-handling protection, so too does the business case for demonstrating compliance both in spirit and to the letter. Compliance will require ongoing checks as modern systems are constantly changing in terms of digital infrastructure services and business offerings, and the interaction between human and machine. Therefore, monitoring for compliance during run-time is likely to be required. There has been limited research into how to monitor how well a system respects consents given, and withheld, pertaining to handling and onward sharing. This paper proposes a finite-state-machine method for detecting violations of preferences (consents and revocations) expressed by Data Subjects regarding use of their personal data, and also violations of any related obligations that might be placed upon data handlers (data controllers and processors). Our approach seeks to enable detection of both accidental and malicious compromises of privacy properties. We also present a concept demonstrator to show the feasibility of our approach and discuss its design and technical implementation.


Privacy Run-time monitoring Policy-violation checking 



This research was conducted as a part of the PROTECTIVE project. This project has received funding from the European Union’s Horizon 2020 research and innovation program under grant agreement No. 700071. This output reflects the views only of the author(s), and the European Union cannot be held responsible for any use which may be made of the information contained therein.

The EnCoRe project [11] was an interdisciplinary research project, a collaboration between UK industry and academia, partially funded by the UK Technology Strategy Board (TP/12/NS/P0501A), the UK Engineering and Physical Sciences Research Council and the UK Economic and Social Research Council (EP/G002541/1).


  1. 1.
    Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and contextual integrity: framework and applications. In: 2006 IEEE Symposium on Security and Privacy, 15-p. IEEE (2006)Google Scholar
  2. 2.
    Basin, D., Debois, S.: and Thomas Hildebrandt. Compliance under the GDPR, On purpose and by necessity (2018)Google Scholar
  3. 3.
    Basin, D., Klaedtke, F., Marinovic, S., Zălinescu, E.: Monitoring of temporal first-order properties with aggregations. Form. Methods Syst. Des. 46(3), 262–285 (2015)CrossRefGoogle Scholar
  4. 4.
    British Parliament. Data Protection Act. London Stationery Office (1998)Google Scholar
  5. 5.
    Brooks, S., Brooks, S., Garcia, M., Lefkovitz, N., Lightman, S., Nadeau, E.: An Introduction to Privacy Engineering and Risk Management in Federal Systems. US Department of Commerce, National Institute of Standards and Technology (2017)Google Scholar
  6. 6.
    Cavoukian, A.: Privacy by design. 7 foundational principles (2011).
  7. 7.
    Cavoukian, A., et al.: Privacy by design documentation for software engineers version 1.0. (PbD-SE). Organization for the Advancement of Structured Information Standards (OASIS), Burlington (2014)Google Scholar
  8. 8.
    Chowdhury, O., Jia, L., Garg, D., Datta, A.: Temporal mode-checking for runtime monitoring of privacy policies. In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 131–149. Springer, Cham (2014). Scholar
  9. 9.
    Daniel, F., et al.: Business compliance governance in service-oriented architectures. In: International Conference on Advanced Information Networking and Applications, AINA 2009, pp. 113–120. IEEE (2009)Google Scholar
  10. 10.
    Datta, A., et al.: Understanding and protecting privacy: formal semantics and principled audit mechanisms. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2011. LNCS, vol. 7093, pp. 1–27. Springer, Heidelberg (2011). Scholar
  11. 11.
    EnCoRe project partners. Encore: Ensuring consent and revocation (2008).
  12. 12.
  13. 13.
    Fawcett, T.: An introduction to ROC analysis. Pattern Recognit. Lett. 27(8), 861–874 (2006)MathSciNetCrossRefGoogle Scholar
  14. 14.
    Fisk, G., Ardi, C., Pickett, N., Heidemann, J., Fisk, M., Papadopoulos, C.: Privacy principles for sharing cyber security data. In: 2015 IEEE Security and Privacy Workshops (SPW), pp. 193–197. IEEE (2015)Google Scholar
  15. 15.
    Garg, D., Jia, L., Datta, A.: Policy auditing over incomplete logs: theory, implementation and applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 151–162. ACM (2011)Google Scholar
  16. 16.
    Koops, B.-J., Leenes, R.: Privacy regulation cannot be hardcoded. A critical comment on the ‘privacy by design’ provision in data-protection law. International Review of Law, Computers & Technology 28(2), 159–171 (2014)CrossRefGoogle Scholar
  17. 17.
    Liu, Y., Muller, S., Ke, X.: A static compliance-checking framework for business process models. IBM Syst. J. 46(2), 335–361 (2007)CrossRefGoogle Scholar
  18. 18.
    Luckham, D.: The power of events: an introduction to complex event processing in distributed enterprise systems. In: Bassiliades, N., Governatori, G., Paschke, A. (eds.) RuleML 2008. LNCS, vol. 5321, p. 3. Springer, Heidelberg (2008). Scholar
  19. 19.
    Movius, L.B., Krup, N.: US and EU privacy policy: comparison of regulatory approaches. Int. J. Commun. 3, 19 (2009)Google Scholar
  20. 20.
    Mulo, E., Zdun, U., Dustdar, S.: Monitoring web service event trails for business compliance. In: 2009 IEEE International Conference on Service-oriented Computing and Applications (SOCA), pp. 1–8. IEEE (2009)Google Scholar
  21. 21.
    O’Leary, D.E., Bonorris, S., Klosgen, W., Khaw, Y.-T., Lee, H.-Y., Ziarko, W.: Some privacy issues in knowledge discovery: the OECD personal privacy guidelines. IEEE Expert 10(2), 48–59 (1995)CrossRefGoogle Scholar
  22. 22.
    Papanikolaou, N., Creese, S., Goldsmith, M., Mont, M.C., Pearson, S.: Encore: towards a holistic approach to privacy. In: Proceedings of the 2010 International Conference on Security and Cryptography (SECRYPT), pp. 1–6. IEEE (2010)Google Scholar
  23. 23.
    Roscoe, B.: The theory and practice of concurrency (1998)Google Scholar
  24. 24.
    Sarbanes-Oxley Act. Sarbanes-oxley act of 2002. Public Law (107–204) (2002)Google Scholar
  25. 25.
    Soto-Mendoza, V., Serrano-Alvarado, P., Desmontils, E., Garcia-Macias, J.A.: Policies composition based on data usage context. In: Sixth International Workshop on Consuming Linked Data (COLD 2015) at ISWC (2015)Google Scholar
  26. 26.
    Sundaram, A.: An introduction to intrusion detection. Crossroads 2(4), 3–7 (1996)CrossRefGoogle Scholar
  27. 27.
    Tran, H., et al.: An end-to-end framework for business compliance in process-driven SOAs. In: 2010 12th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC), pp. 407–414. IEEE (2010)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Jassim Happa
    • 1
    Email author
  • Nick Moffat
    • 1
  • Michael Goldsmith
    • 1
  • Sadie Creese
    • 1
  1. 1.Department of Computer ScienceUniversity of OxfordOxfordUK

Personalised recommendations