A UML Profile for Privacy-Aware Data Lifecycle Models

  • Conference paper
Computer Security (SECPRE 2017, CyberICPS 2017)

Abstract

Concerns over data-processing activities that may lead to privacy violations or harms have motivated the development of legal frameworks and standards to govern the processing of personal data. However, it is widely recognised that there is a disconnect between policy-makers’ intentions and software engineering reality. The Abstract Personal Data Lifecycle (APDL) model, which was proposed to serve as an abstract model for personal data life-cycles, distinguishes between the main operations that can be performed on personal data during its lifecycle by outlining the various distinct activities for each operation. We show how the APDL can be represented in terms of the Unified Modeling Language (UML). The profile is illustrated via a realistic case study.

Notes

  1. Personal data, by its nature, is considered sensitive data when it is related to special categories, including racial or ethnic origin, etc. [23].

References

  1. Alshammari, M., Simpson, A.C.: Personal Data Management for Privacy Engineering: An Abstract Personal Data Lifecycle Model (2017). https://www.cs.ox.ac.uk/publications/publication10942-abstract.html

  2. American Institute of Certified Public Accountants and Canadian Institute of Chartered Accountants (AICPA/CICA): Generally Accepted Privacy Principles (2009). https://www.cippguide.org/2010/07/01/generally-accepted-privacy-principles-gapp/

  3. Antignac, T., Scandariato, R., Schneider, G.: A privacy-aware conceptual model for handling personal data. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016. LNCS, vol. 9952, pp. 942–957. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47166-2_65

  4. Balasch, J., Rial, A., Troncoso, C., Preneel, B., Verbauwhede, I., Geuens, C.: PrETP: privacy-preserving electronic toll pricing. In: Proceedings of the 19th USENIX Security Symposium, pp. 63–78 (2010)

  5. Cavoukian, A.: Creation of a Global Privacy Standard (2006). https://www.ipc.on.ca/images/Resources/gps.pdf

  6. Cavoukian, A.: Privacy by design... take the challenge. Office of the Information and Privacy Commissioner of Ontario (2009)

  7. Diaz, C., Kosta, E., Dekeyser, H., Kohlweiss, M., Nigusse, G.: Privacy preserving electronic petitions. Identity Inf. Soc. 1(1), 203–219 (2008)

  8. Gürses, S., Troncoso, C., Diaz, C.: Engineering privacy by design. Comput. Priv. Data Prot. 14(3), 25 (2011)

  9. Hoepman, J.-H.: Privacy design strategies. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 446–459. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_38

  10. Joyee De, S., Le Métayer, D.: A refinement approach for the reuse of privacy risk analysis results. In: Proceedings of the Fifth ENISA Annual Privacy Forum (APF 2017), pp. 73–109. Österreichische Computer Gesellschaft (2017)

  11. Jürjens, J.: UMLsec: extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45800-X_32

  12. Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005). https://doi.org/10.1007/b137706

  13. Martín, Y.S., Del Alamo, J.M., Yelmo, J.C.: Engineering privacy requirements: valuable lessons from another realm. In: 2014 IEEE 1st Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), pp. 19–24. IEEE (2014)

  14. Nissenbaum, H.F.: Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford University Press, Stanford (2009)

  15. Object Management Group: OMG Unified Modeling Language (OMG UML) (2015). http://www.omg.org/spec/UML/

  16. Oetzel, M.C., Spiekermann, S.: A systematic methodology for privacy impact assessments: a design science approach. Eur. J. Inf. Syst. 23(2), 126–150 (2014)

  17. Solove, D.J.: A taxonomy of privacy. Univ. Pa. Law Rev. 154(3), 477–564 (2006)

  18. The European Commission: The European Electronic Toll Service (EETS): 2011 Guide for the Application of the Directive on the Interoperability of Electronic Road Toll Systems (2011). http://ec.europa.eu/transport/themes/its/road/application_areas/electronic_pricing_and_payment_en

  19. The European Union: Official Journal of the European Communities: Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1995). http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:31995L0046&from=EN

  20. The European Union: Official Journal of the European Communities: Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (2002). http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32002L0058&from=EN

  21. The European Union: Official Journal of the European Communities: Directive 2004/52/EC Of the European Parliament and of the Council of 29 April 2004 on the interoperability of electronic road toll systems in the Community (2004). http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32004L0052R%2801%29&from=EN

  22. The European Union: Official Journal of the European Communities: Commission Decision 2009/750/EC of 6 October 2009 on the definition of the European Electronic Toll Service and its technical elements (2009). http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32009D0750

  23. The European Union: Official Journal of the European Union: General Data Protection Regulation (2016). http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679

  24. United States Department of Health, Education and Welfare: Secretary’s Advisory Committee on Automated Personal Data Systems: Records, Computers and the Rights of Citizens: Report. MIT Press, Cambridge (1973)

  25. Wright, D.: The state of the art in privacy impact assessment. Comput. Law Secur. Rev. 28(1), 54–61 (2012)

Corresponding author

Correspondence to Majed Alshammari.

Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Alshammari, M., Simpson, A. (2018). A UML Profile for Privacy-Aware Data Lifecycle Models. In: Katsikas, S., et al. Computer Security. SECPRE CyberICPS 2017. Lecture Notes in Computer Science, vol 10683. Springer, Cham. https://doi.org/10.1007/978-3-319-72817-9_13

  • DOI: https://doi.org/10.1007/978-3-319-72817-9_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72816-2

  • Online ISBN: 978-3-319-72817-9

  • eBook Packages: Computer Science (R0)